tcp 17888

From: David Vestal (
Date: 10/08/03

  • Next message: Harlan Carvey: "Re: tcp 17888"
    Date: 07 Oct 2003 19:56:30 -0500

    While monitoring my firewall I noticed a lot of incoming tcp packets to
    port 17888. All were dropped, so there has been no damage or intrusion.
    I fired up tcpdump and let it catch all the packets for 2 hours and
    using ethereal I found 11105 packets from approx. 30 different sources.
    All packets had the SYN flag and most of the time there were 3 packets
    from the same source port. Many of the source ip's had attempts from
    numerous different ports. Google returned information on "netlet" when
    queried for "tcp 17888". I am not familiar with netlet, it seems to me
    to be some type of rpc.

    Since it seems to be rpc my guess is someone looking for another machine
    to own. I am on an aDSL connection and after the 2 hours of logging with
    tcpdump I shut down the connection and restarted it after 15 minutes and
    have so far not had this scanning again.

    I was wondering if anyone would know what this might be. If anymore
    information is necessary just let me know. Thanks.


  • Next message: Harlan Carvey: "Re: tcp 17888"

    Relevant Pages

    • Re: [opensuse] SuseFirewall IPv4 vs IPv6
      ... # network security threats. ... # Opening ports for LAN services in the external zone defeats the ... # this setting only works for packets destined for the local machine. ... # If the protocol is icmp then port is interpreted as icmp type ...
    • Re: What is going on with my Dialup?
      ... also forward it to an unused port, and have that port provide the ... verses the RST or ICMP 3,3. ... The lack of response causes the remote computer to make ... Others think that by not responding to unwanted packets, ...
    • Re: OT .. Road Warrior communications question
      ... The data on the Internet is sent in little packets. ... The packets addressed to port 80 ... Likewise, at the mail server receiving the packets, it knows the return ... Why would e-mail work on the web but not from your e-mail software? ...
    • Re: Logs: Many hits with source port of 80
      ... The hits from source port 80 to dest port 37852 are IMHO almost ... you should probably see a couple other packets - perhaps ... packets if either you send the load balancer a packet, ... >>I have seen similar hits for the past three months. ...
    • Re: Error 720 connecting to server via VPN
      ... By default the router's firewall is configured to drop ICMP packets ... Select WAN Setup> Advanced> Respond to Ping on Internet Port. ... server and the Internet allow GRE packets. ... routers on the user's network are also configured to allow GRE packets. ...