|
-
April 8th, 2003, 04:45 PM
#1
Member
 What is Vettcp UDP/78 and why is ppl so interested about it
Hi,
I was looking in my XP firewall log. There is a lot of droped UDP packets from many different IP addresses from all around the world.
One of the most popular port is 78.
I googled, searched microsoft.com and this forum, but I only find pages that tell me that port 78 is Vettcp. The only problem is that I have no idea what Vettcp is. So I googled about Vettcp, but only seem to find pages telling me that Vettcp is UPD 78 :P
Im not to worried about all the dropped packages. I only run TCP/IP network service (no file sharing) and keep the xp patched up.
But it is very strange that the source IP's are from many different hosts, from many different countries.
I wonder what is going on...
Please drop any comments,
Thank you for reading 
-
April 8th, 2003, 04:58 PM
#2
Boy. Talk about obscure. All I could find was port listing for the most part but I did stumble across:
http://www.ietf.org/proceedings/99ma...rot-mac-00.txt
http://www.ietf.org/proceedings/98au...prot-v2-03.txt
Both of these refer to Remote MIB. Perhaps that is why you are getting so many requests. A new form of Remote MIB attack/scan?
-
April 8th, 2003, 06:47 PM
#3
I looked all over the place and could never find a description of exactly what vet is...tcp or udp, although the RFC's (i think they were rfc1700) always had it listed, and in the official one, someone with initials 'cxl1' always initialed it. However, I could never find exactly what it is.
I looked at the doc's that MsMittens provided and I think they are just describing the rmon protocol for and the vettcp reference is just the MIB info for the RMON protocol:
vettcp PROTOCOL-IDENTIFIER
PARAMETERS { }
ATTRIBUTES { }
DESCRIPTION
"VET TCP"
REFERENCE
"TBD"
::= { tcp 78,
udp 78 }
Interestingly enough...the reference is 'TBD' which I assumes to be determined...maybe it was never formalized but the reserved port remains? The reference would normally supply the RFC number describing it... The description field also in the rest of the MIB's was pretty detailed, but only contains the name...so I am thinking that it probably was never formally defined?
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
April 10th, 2003, 11:51 AM
#4
Member
Thx for anwsering
Maybe port 78 is not widely used, and that is why its hard to google info about it.
Well no wories, but im still a bit courious if other people get dropped packages on port 78?
I play on-line games with the pc, and have hosted games, maybe its just gamespy or some other server that lists my pc as a host even if its not at the moment.
The droped packages is not during gameing tho, I get them as soon as my pc is online.
Maybe its time to get zone alarm up and running again :P
Cheers
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
