port identification resources
Results 1 to 5 of 5

Thread: port identification resources

  1. #1
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130

    port identification resources

    I'm trying to find information about a tcp port (17967), but i couldnt find any.

    i've tried: google
    Iana.org
    Antivirus software web sites
    insecure
    AO

    I would like to receive some ideas where i can look for this kind of information.
    I want to find:
    what software/service uses that port
    which O.S. families it can appears

    thanks in advance
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  2. #2
    Member
    Join Date
    May 2002
    Posts
    93
    The only thing I could find in that range was the Kuang2 virus. Some sites list is as port 17000 and some 17300.

    Also found this on sarc:
    http://securityresponse.symantec.com...or.dister.html

    Uses 17002-17510


    Might be a variant?

    I'll look some more.


    *Edit*

    http://www.dshield.org/sourceportday...967&day=732122

    3 IP's scanning today on that port...still no indication of what it might be. This showing up in your logs?
    Tachyon

    |-----|Alcohol is my anti-drug |-----|

  3. #3
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    You could download fport
    http://www.foundstone.com/index.htm?...s/overview.htm
    when the page comes up just scroll down to free tools and click on that then look for fport

    fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.

  4. #4
    Did you try antiyports ?

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Here more information about why i need it
    We are receiving random scans to that port.
    Not heavly, but it is unusual.
    they come from a lot of hosts, so it appears the scan controls a lot of zombies.
    nothing here is using that port and firewall is defeating all attacks.
    but why that port?
    i cant find a trojan (except that tachyon posted) that fits with this port. But Disk Master (relay smtp) doesnt appear to use that one, besides it appears to be configured to do so.

    scans are direct to this port (only this one). so it appears that is a standard port configuration...
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •