Re: Port 31336 question

From: NeoSadist (neos@dist)
Date: 02/14/03 

From: "NeoSadist" <neos@dist>
Date: Fri, 14 Feb 2003 14:29:54 -0700

"Jeff Gordon" <Jeff_Gordon24@excite.com> wrote in message
news:EX13a.24$tS1.10746050@newssvr13.news.prodigy.com...
> After reviewing my firewall log, I've noticed for the last 48 hours that
> someone has been trying port 31336 on my firewall. It first started out to
> be once or twice every hour the first 12 hours then increased to 3-5 an
hour
> and then this am, they were trying to knock the *** out of it! Like every
> 30 seconds. Can someone tell me why? What is with this port. I have a
> Linksys router with SPI On and WAN Request blocked on the router. So, if
my
> router is not sending reply's back to request, why would someone want to
> keep trying this port. I am NEW to firewalls and how this is all done.
Just
> want to protect my home computers. The IP's were all random, but was able
to
> determined that for the most part were all in the 202-211 and 61-64 first
> octet, which I believe is Taiwan. If someone could give me a little
insite,
> I would greatly appreciate it and if somewhere did make a connection,
would
> the Linksys log show this? I'm using the LogViewer Software to monitor
> traffic. Thanks to all for any help.
>
>

IANA.org lists that port as unassigned (cause no one has registered it I
guess)
Several trojan lists list the following trojans:

port 31336 Bo Whack, *** Funnel

However, let me say that unless you're downloading questionable software
and/or are infected by the trojan, nothing happens if they some how get
through. Good antivirus will be able to detect and remove trojans (or tell
you what software contains them so that you can uninstall it).
So don't panic.
*insight
And no, the linksys probably won't show that the connection was made unless
you see outgoing to those IP's. If you do, then you could be infected. If
not, then you probably aren't.
By the way, go enable SPI on the linksys. It will give you a little added
protection.