Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: New port being scanned

  1. #1
    Junior Member
    Join Date
    Sep 2004
    Posts
    12

    New port being scanned

    I have noticed an increase in the last month of scans on my port 34956. Port authority, here, and Symantec did not have any information on this specific port that I found. Does anyone know what is scanning 34956?

    I would guess that some new virus has started circulating on that port but since I did not find the information on Symantec I thought I should ask.

    On the plus side my firewall is blocking it so my machines are not infected.

    Merlin775
    The only consistant thing about me is my lack of consistancy

  2. #2
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    scanning???????on a perticular port????????????
    what is that????????????????????????????????


    anyways u should say attempt to connect.it may be a backdoor i don't think any known service or trojan uses it.must be a new one.try telnetting to 127.0.0.1 on port 34956 see if it is open on ur PC.if it is not may be u didn't allow that perticular aplication to access internet.if it is open find out what program is using that port.
    must be something new.
    nobody is perfect i am nobody

  3. #3
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    It looks like something new. Google didn’t find much answer for me.
    -Simon \"SDK\"

  4. #4
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    what was wrong with my answer respected SDK sir can u please be kind enough to explain
    nobody is perfect i am nobody

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Dshield.org is also reporting a rise in scans on that port. It's unclear however what should be listening on that port.
    Maybe someone modified an existing R.A.T. to listen on a different port?

    Is that the only port a perticular source IP is scanning?
    If not, what other ports are being scanned (from the same source ip)?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    It's unclear however what should be listening on that port.
    AFAIK, port 34596 is unasigned.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by jinxy
    AFAIK, port 34596 is unasigned.
    AFAIK IANA never assigned a port to a worm or RAT
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    AFAIK IANA never assigned a port to a worm or RAT
    I meant it is not a known RAT port.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  9. #9
    Junior Member
    Join Date
    Sep 2004
    Posts
    12

    What I have seen

    My firewall logs are showing multiple IPs from around the world attempting to scan this port. I am currently noticing about ten enteries a day with no obvious repeating of IPs. I am fairly sure that there have been repeat scans over this length of time but I don't know. I have not noticed one IP doing a range of scans on my system with this one included.

    Merlin775
    The only consistant thing about me is my lack of consistancy

  10. #10
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    did u try tracing those ips attacker might be using multiple proxy.
    nobody is perfect i am nobody

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •