strange logs -- tcp port 16166

From: Jiang Peng (pengf_at_hotmail.com)
Date: 06/25/03

Next message: Dave Phelps: "Re: War Dial on my PBX"

Previous message: David J. Meltzer: "RE: Intrusec 55808 Trojan Analysis"
Next in thread: Jerry Shenk: "RE: strange logs -- tcp port 16166"
Reply: Jerry Shenk: "RE: strange logs -- tcp port 16166"
Maybe reply: James C. Slora, Jr.: "RE: strange logs -- tcp port 16166"
Maybe reply: tcleary2_at_csc.com.au: "Re: strange logs -- tcp port 16166"
Maybe reply: Justin Pryzby: "Re: strange logs -- tcp port 16166"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <incidents@lists.securityfocus.com>
Date: Wed, 25 Jun 2003 11:00:16 +0800

Hi all,

For the last month, I received the following log message continuelly =
from the PIX firewall:

%PIX-4-106023: Deny tcp src outside:87.104.162.116/64604 dst =
inside:hostname/16166 by access-group "out
side_access_in"

At first, there were only a couple of messages every day, but from last =
week, there are 30-40 messages every day.
All the message has the same source, source port and same destination, =
destination port. The destination is our external DNS server. I checked =
google, but still no idea what kind of services running on port 16166.

Does anyone have any clues for this message?

Thanks,
Jiang

----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------

Next message: Dave Phelps: "Re: War Dial on my PBX"

Previous message: David J. Meltzer: "RE: Intrusec 55808 Trojan Analysis"
Next in thread: Jerry Shenk: "RE: strange logs -- tcp port 16166"
Reply: Jerry Shenk: "RE: strange logs -- tcp port 16166"
Maybe reply: James C. Slora, Jr.: "RE: strange logs -- tcp port 16166"
Maybe reply: tcleary2_at_csc.com.au: "Re: strange logs -- tcp port 16166"
Maybe reply: Justin Pryzby: "Re: strange logs -- tcp port 16166"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: SMTP Virtual Server: How do I make the source port stop using a random port?
... How do I make the source port stop ... _If_ you were to make the source port be a fixed port, ... destination address may not be re-used within 2*MSL (essentially, ... target mail server, the source address is your IP address, and the protocol is ...
(microsoft.public.inetserver.iis.security)
Re: Pix DMZ DSL
... That only permits access when the source port is 25 and the destination ... PIX receives a packet with a *destination* port of 25, ...
(comp.dcom.sys.cisco)
Re: Hash Table
... on a TCP packet parser and associating the Source Port and Destination ...
(comp.lang.verilog)
Re: zonealarm and internet explorer query
... and what was the source port and destination ... what protocol was used? ...
(alt.computer.security)
Re: Problem sending E-mail to 1 server
... If I try the same thing (telnet to port ... Source IP: 64.208.166.12, Destination IP: 66.133.129.70 ... PROTOCOL: ICMP ... Header checksum: 0xEE82 ...
(microsoft.public.exchange.admin)