Re: attack on port 9586 UDP. anyone knows what is happening?

From: Stupified (neosadist@hotmail.com)
Date: 01/22/03


From: "Stupified" <neosadist@hotmail.com>
Date: Wed, 22 Jan 2003 09:44:36 -0600


"Paul" <anonimoose@gmx.net> wrote in message
news:e35918e3.0301220826.5a5acc2c@posting.google.com...
> Hi there,
>
> In my logs I see an ongoing attack on port 9586 from various hosts
> (probably spoofed).
> Anyone know where the lame attack is pointing to? I've nothing on that
> port and the interval is about 1 every 2 seconds so no effect, besides
> big logs.
>
> Jan 22 16:14:45 gateway-to-hell kernel: vuurmuur (default drop)
> IN=ppp0 OUT= MAC= SRC=217.228.86.57 DST=,my.ip.whas.here LEN=51
> TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=13416 DPT=9586 LEN=31
>
>
> Thanks, Paul

First off, IANA says:
# 9536-9593 Unassigned

Also, my trojan lists say nothing.
Bottom line, it could be anything, such as applications that randomly pick
ports. IANA is only for those who want to register their port numbers, so
whatever. Lots of newer applications randomly pick ports, such as file
sharing and even chat and FTP. If it was blocked, then that's the reason
you have a firewall. SPT: is that source port? I'd say ignore the
destination port 'cause at least on my LAN the source port is correct (80
when browsing web, for example) but the destination port seems random.
Anyways, bottom line, unknown incoming traffic blocked. Yippee!
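
For triaging dropped-packet entries like the one quoted in this thread, the following added example (not part of either post) parses netfilter LOG lines and reports, per protocol and destination port, the packet count, distinct sources, distinct source ports and average interval. The sample lines are constructed, using documentation addresses and a made-up hostname, and the year 2003 is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines modelled on the entry quoted in the thread.
# Addresses are RFC 5737 documentation ranges, not values from the post.
SAMPLE_LOG = """\
Jan 22 16:14:45 gw kernel: vuurmuur (default drop) IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=51 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=13416 DPT=9586 LEN=31
Jan 22 16:14:47 gw kernel: vuurmuur (default drop) IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=51 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=4021 DPT=9586 LEN=31
Jan 22 16:14:49 gw kernel: vuurmuur (default drop) IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=51 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=13416 DPT=9586 LEN=31
Jan 22 16:14:50 gw kernel: vuurmuur (default drop) IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=7 DF PROTO=TCP SPT=51515 DPT=80 WINDOW=0 RES=0x00 RST URGP=0
"""

KV = re.compile(r"\b([A-Z]+)=(\S*)")                      # KEY=value pairs, value may be empty
STAMP = re.compile(r"^([A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d)")

def parse_line(line, year=2003):
    """Return the fields of one netfilter LOG line as a dict, or None."""
    m = STAMP.match(line)
    if not m or "PROTO=" not in line:
        return None
    fields = {}
    for key, value in KV.findall(line):
        fields.setdefault(key, value)   # keep the first LEN= (IP length), not the UDP one
    fields["TIME"] = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return fields

def summarise(text):
    """Group dropped packets by (protocol, destination port) and profile each group."""
    groups = defaultdict(list)
    for line in text.splitlines():
        f = parse_line(line)
        if f and "DPT" in f:            # SPT = source port, DPT = destination port
            groups[(f["PROTO"], int(f["DPT"]))].append(f)
    report = {}
    for key, pkts in groups.items():
        times = sorted(p["TIME"] for p in pkts)
        span = (times[-1] - times[0]).total_seconds()
        report[key] = {
            "packets": len(pkts),
            "sources": len({p["SRC"] for p in pkts}),
            "src_ports": len({p["SPT"] for p in pkts}),
            "avg_interval_s": span / (len(pkts) - 1) if len(pkts) > 1 else None,
        }
    return report

if __name__ == "__main__":
    for (proto, port), stats in sorted(summarise(SAMPLE_LOG).items()):
        print(proto, port, stats)
```

A port that receives a steady trickle from many sources, each reusing one source port, profiles differently from a single host sweeping many ports, which helps decide whether the log noise is worth rate-limiting.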


