Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Anyone know what UDP Port 12652 is for?

  1. #1

    Anyone know what UDP Port 12652 is for?

    Anyone know what udp port 12652 is for? I have seen a marked increase in scans for this particular port with many of my customers. I have searched through the forums here and on google and have found no mention of this port used for anything, trojan or otherwise.

    Anyone know what this port may be used for?

    Thanks in advance.

    Grinler

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    207
    yea... the UDP port 12652 I believe is for "****ing Brilliant Evil Trojan v1.001"

    that's about all I could find, and it was on some german security page

  3. #3
    It's a gas!
    Join Date
    Jul 2002
    Posts
    699
    Well its an unassigned port so chances are its a common trojan port that is being scanned for.

    If youve got your AV and firewall s/w up-to-date then you've got nothing to worry about, its probably just some 1337 kids.

    Edit: 500th post, w00t!

  4. #4
    Im not really concerned, just curious. My firewalls and the clients firewalls, are stopping the traffic so it is not major issue.

    Just was curious as to what trojan/sploit would possibly use this port.

    Thanks for the info guys.

    Grinler

  5. #5
    Try the following link. It's a list of assigned and unassigned ports. Not sure how often it is updated. As r3b00+ stated it is an unassigned port.

    http://www.iana.org/assignments/port-numbers

  6. #6
    yeah i know its unassigned. I was just wondering if someone knew a trojan or exploit that uses that port.

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    207
    Originally posted here by Plastic
    yea... the UDP port 12652 I believe is for "****ing Brilliant Evil Trojan v1.001"

    that's about all I could find, and it was on some german security page
    there ya go

  8. #8
    Member
    Join Date
    May 2003
    Location
    Somewhere in Texas
    Posts
    76
    ... another possibility:

    a known trojan with editable ports (B02K, e.g.). Try teleneting to it and no matter how wierd the reply, Google that exact string.


    Myk

  9. #9
    AO Antique pwaring's Avatar
    Join Date
    Aug 2001
    Posts
    1,409
    The explanation Mykol gives is the one I'd put my money on - a lot of trojans nowadays can change the ports they use to avoid detection by scanning for services running on particular ports.

    A google search for the port didn't turn up anything interesting, so it's probably not used by any common peer to peer applications (e.g. Kazaa).
    Paul Waring - Web site design and development.

  10. #10
    Though it could be a trojan that is using that port instead of the default, I dont think thats the case. I have found multiple scans for that port from multiple ip addresses, which leads me to believe its something else. COuld be wrong though, who knows.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •