Re: What runs on port 2500

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 09/21/04


Date: 21 Sep 2004 18:53:27 GMT

Leythos <void@nowhere.org> writes:

]In article <cip9e9$153$1@newsfeed.th.ifl.net>,
]anonymus@discussions.microsoft.com says...
]> -----BEGIN PGP SIGNED MESSAGE-----
]> Hash: SHA1
]>
]> Leythos wrote:
]> | I'm seeing outbound activity on port 2500 at a remote location we
]> | started managing last week. The single machine in the network issued
]> | 17000 connections to port 2500 from 9:00 PM to 11:59PM last night, and
]> | it's to IP's all over the world. In looking for port 2500 I've only
]> | found a couple things that it can be (and I've blocked it).
]> |
]> | Anyone run into apps (or anything else) using port 2500 outbound?
]> |
]> You've checked the machine with adaware/spybot/anti-virus etc?

]The system was clean, NAV + AVG detected nothing. I used SBS&D 1.3 to
]check it clean, and I also removed everything from the registry that
]wasn't needed in the HKLM/Run & HKCU/Run trees.

]It started about 9:30 PM and ended around 2:00 AM. It connected to 17000
]sites around the world on port 2500 during that time. I was thinking
]it's some form of file sharing service or other.

]I blocked 2500 at the firewall, but it would be nice to know what it
]was.

It was outgoing port 2500? Sounds like some sort of malware. It sure should
not be connecting to 17000 machines. Were the connections successful?
I would advise removing it, erasing everything and reinstalling and
updating. Sounds far too suspicious.

]--
]--
]spamfree999@rrohio.com
](Remove 999 to reply to me)

