October 2nd, 2003, 05:09 AM
Firewall forensics revisited
Got a question that has had me tugging at my hair for the last few days. I've been noticing some unusual activity in my firewall logs the last few days, but no big deal because they are all getting knocked down.
Through various means, I can find out what services are running on what ports, what services are assigned, etc. However, I can't seem to find anything that goes more in depth.
For example, tonight I had a ping at port 3065. I don't really care if it was normal, it was just that it was something I hadn't seen before. It was blocked, so again, no big deal. My firewall tells me that it was for splinterbase, view.atdmt.com, etc. So I go to try to find out what splinterbase is, but all I can find on Google is port listings, no explanation of what the hell it is.
Is there some resource somewhere that explains what some of these services are? I hate to keep asking here when it's something (I think) I should be able to find on my own.