Re: Connection to TCP port 1197?

From: Maxime Ducharme (maxime_at_pandore-designSPAMISBAD.com)
Date: 09/29/03


Date: Mon, 29 Sep 2003 16:18:57 -0400

If you have a dynamic IP address, try to disconnect
and reconnect to change IP, and see if this attack continues.

Ensure also that nothing in your LAN is sending packets
from this port to Internet addresses.

I'm not aware of programs running on this port except some
custom configuration for standard apps.

Ciao

---------------------------------------------------------------
  Maxime Ducharme
  Network Administrator, Programmer

"Leif Engman" <news@leien.info> wrote in message
news:3F760A2D.4033D005@leien.info...
> Dirk Claessens wrote:
> >
> > on 27 sep 2003, "Leif Engman" wrote in comp.security.firewalls :
> >
> > >
> > >
> > > When I started to examine them, I found that most of the dropped
> > > packets (about 3 out of 4) were directed to TCP port 1197 on the
> > > router.
> > >
> > [..]
> >
> > > Does anyone know what TCP port 1197 is supposed to do? I have
> > > searched the internet for information about it but have found
> > > nothing useful.
> > >
> >
> > Below is a snippet of the IANA Assigned numbers list.
> > As you can see, 1197 TCP/UDP is not assigned as a "well known" port number.
> >
> > If I were you, I wouldn't bother about it too much. My firewall logs are
> > cluttered with this kind of garbage all the time. That's what firewalls are
> > for! All the time, people all over the world are mistyping IP's, are using
> > cranky application software, PC's are crashing or are being misconfigured,
> > etc...
> >
> > ---
> > # 1186-1187 Unassigned
> > hp-webadmin 1188/tcp HP Web Admin
> > hp-webadmin 1188/udp HP Web Admin
> > # Lance Kind <lance_kind@hp.com>
> > # 1189-1198 Unassigned
> > dmidi 1199/tcp DMIDI
> > dmidi 1199/udp DMIDI
> > # Phil Kerr <phil@plus24.com> February 2002
> > scol 1200/tcp SCOL
> > scol 1200/udp SCOL
> > ---
> >
> > --
> > Dirk.
> >
> > All programming is done with the glands.
> > Logic is added later to tidy things up.
> > http://users.pandora.be/dirk.claessens2/
>
> Thanks for the information!
>
> I'm not that bothered about it, I just thought that it was strange that I
> saw that amount of traffic to the same port from different IP addresses.
>
> A friend of mine that has the same ADSL supplier as me, and is located on
> the same C-class subnet as me, doesn't see a single one of these packets
> directed to TCP port 1197. Strange, but as you say, I'll just have to
> live with it ;-) Too bad that the logs get so big...
>
> /Leif Engman
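
One way to run the two checks suggested in this thread over a firewall log: how much of the inbound traffic targets the port, from how many distinct sources, and whether any LAN host is itself sending from that port. This is an added example, not code from any poster; the iptables-style log format, the 192.168.1.0/24 LAN range, the `triage` function and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# iptables LOG field layout (assumption: the thread never shows the router's log format).
FIELDS = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=(\w+) SPT=(\d+) DPT=(\d+)")

# Constructed sample: documentation addresses, LAN assumed to be 192.168.1.0/24.
SAMPLE_LOG = """\
Sep 27 10:00:01 gw kernel: DROP IN=ppp0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=80 DPT=1197
Sep 27 10:00:09 gw kernel: DROP IN=ppp0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=80 DPT=1197
Sep 27 10:01:30 gw kernel: DROP IN=ppp0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=4431 DPT=135
Sep 27 10:02:12 gw kernel: DROP IN=ppp0 OUT= SRC=203.0.113.91 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=80 DPT=1197
Sep 27 10:02:40 gw kernel: FWD IN=eth0 OUT=ppp0 SRC=192.168.1.20 DST=198.51.100.7 LEN=48 PROTO=TCP SPT=1197 DPT=80
"""


def triage(log_text, port, lan="192.168.1.0/24"):
    """Summarise inbound TCP hits on `port` and LAN hosts sending from it."""
    lan_net = ipaddress.ip_network(lan)
    dports = Counter()       # inbound packets per destination port
    sources = set()          # distinct remote senders hitting `port`
    lan_talkers = set()      # (LAN host, remote peer) pairs sending FROM `port`
    for line in log_text.splitlines():
        m = FIELDS.search(line)
        if not m or m.group(3) != "TCP":
            continue
        src, dst, _, spt, dpt = m.groups()
        if ipaddress.ip_address(src) in lan_net:   # outbound packet
            if int(spt) == port:
                lan_talkers.add((src, dst))
            continue
        dports[int(dpt)] += 1
        if int(dpt) == port:
            sources.add(src)
    total = sum(dports.values())
    return {
        "hits": dports[port],
        "share": dports[port] / total if total else 0.0,
        "sources": sorted(sources),
        "lan_talkers": sorted(lan_talkers),
        # Remote senders a LAN host also contacted from `port`: consistent with replies.
        "replies_to_lan": sorted(sources & {peer for _, peer in lan_talkers}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, 1197).items():
        print(f"{key}: {value}")
```

An empty `lan_talkers` list means no logged LAN host used the port as a source, so the inbound packets are unsolicited rather than late replies to local traffic.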


