Re: What runs on port 2500

From: Anon (anon_at_nowhere.com)
Date: 09/22/04 

Date: Wed, 22 Sep 2004 11:44:53 +1000
To: Max Mustermann <anonymous@remail.amessage.info>

Max Mustermann wrote:
> On Tue, 21 Sep 2004, Leythos <void@nowhere.org> wrote:
>
>
>>>That many connections is bizarre. It sounds like either a seriously
>>>misconfigured machine looking for network resourses randomly, or someone
>>>scanning for open ports. Is the host port 2500, or the destination port?
>>>Outbound on local 2500 might be some trojan or other critter thinking it
>>>might hide behind a network service to spread/signal. Outbound to port 2500
>>>from random ports might be something scanning for open rts, but I can't
>>>imagine why. Outbound from 2501 to random IP:2500 would indicate a
>>>misconfiguration. Maybe a munged netmask or DHCP thing. Never seen it
>>>before.
>>
>>Yea, it was outbound TO port 2500. I agree, it doesn't look good, but it
>>could be a valid connection to that service - kind of scanning until it
>>finds a server it can connect to (like P2P File Sharing services, which
>>are banned on the network).
>
>
> Know the local port? If it's 2501 I'd bet my left nut it's a configuration
> problem. Some odd situation where one machine seems to think it's local
> network consists of "the world". ;)
>
>
>>Blocking outbound 2500 at the firewall seems to have killed it, and it
>>was only happening from 1 of 40 systems on the network. Since the kids
>>brought these computers, and we cleaned them before connecting them,
>>this has been the only case of something strange outbound.
>
>
> I honestly don't know all that much about this particular service, but I'd
> be mildly concerned about breaking something by not letting a box become
> aware of it's network resources. Best case it simply quits looking. Worst
> case it looks so hard it forgets to do anything else.
>
> Just guessing mind you.
>
>
>
>

Perhaps someone is using a P2P program with a user-selected port.

Perhaps it is someone sending email - see http://tinyurl.com/6rk9e

I already have a left nut thank you :-)

A

Relevant Pages

  • Re: Unable to telnet into port 25
    ... Be sure that the network you're doing ... some ISPs don't allow port 25 outbound except through their own ... unable to telnet into port 25 from outside of our network. ...
    (microsoft.public.exchange.setup)
  • Re: What runs on port 2500
    ... it was outbound TO port 2500. ... If it's 2501 I'd bet my left nut it's a configuration ... > aware of it's network resources. ...
    (comp.security.firewalls)
  • Re: List of service and port for network?
    ... > Our network not connects to Internet, ... I permit only outbound of port ...
    (microsoft.public.windowsxp.security_admin)
  • Re: What runs on port 2500
    ... >>it's some form of file sharing service or other. ... Is the host port 2500, ... > Outbound on local 2500 might be some trojan or other critter thinking it ... > might hide behind a network service to spread/signal. ...
    (comp.security.firewalls)
  • Re: What runs on port 2500
    ... >>it's some form of file sharing service or other. ... Is the host port 2500, ... > Outbound on local 2500 might be some trojan or other critter thinking it ... > might hide behind a network service to spread/signal. ...
    (comp.security.misc)