Re: Port 4750 activity

• Previous message: kms news: "wireless broadband security"
• In reply to: Bit Twister: "Re: Port 4750 activity"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 26 Nov 2004 13:27:25 -0600

On Fri, 26 Nov 2004 17:29:33 GMT, Bit Twister
<BitTwister@localhost.localdomain> wrote:

>On Fri, 26 Nov 2004 11:21:47 -0600, justNOSPAM@thisplace.net wrote:
>> Does anyone know of a new virus or worm that is causing a flurry of
>> activity on port 4750? when I logged on to the internet this morning
>> at around 10:30 AM, I checked the traffic log of my firewall and in
>> about two minutes, it had blocked around a hundred or more attempts to
>> connect to my PC on that port.
>
>Some places to look
>http://www.dshield.org//port_report.php?port=4750
>http://isc.sans.org/port_details.php?port=4750
>
>Malware is changing at about 1 new one every hour.
>After an eight hour sleep, your antivirus update is a little bit
>behind. :(
>
>That assumes your AV vendor has trapped the new malware,
>generated/tested for it in the database and moved it into production
>ready for you do download the new signatures.

Thanks for the info. I also did an Alta Vista search on the port
number and found an application called MERLIN (Maryland's
Environmental Resources & Land Information Network) that uses that
port. From what I read I gather it's some kind of online map maker.
Of course that doesn't mean it was the application responsible for all
of those blocked attempts.

Later, I reconnected to the internet and checked my traffic log, and
found no entries for connection attempts on port 4750. Since I am
using a dialup connection, with dynamic IP addresses, this leads me to
think it is another case of a customer of my ISP having used that IP
address at some time to do some P2P sharing. I found that this
happens a lot with P2P apps, where persons share with another person,
then keep trying to use the same IP address to access the same PC
later, only to find they can't connect because the IP address has
changed. I would think it would only take them a few minutes to
realize they are dealing with dynamic IP addresses and not static IP
addresses.

Anyway, I'll keep my eyes on this. Not really a problem since my
firewall blocks that port by default. I just like to try to identify
and keep up with any malicious programs that might be out there in
cyber space.

Later

JES

• Previous message: kms news: "wireless broadband security"
• In reply to: Bit Twister: "Re: Port 4750 activity"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]