-
November 30th, 2004, 02:29 PM
#1
Junior Member
New port being scanned
I have noticed an increase in the last month of scans on my port 34956. Port authority, here, and Symantec did not have any information on this specific port that I found. Does anyone know what is scanning 34956?
I would guess that some new virus has started circulating on that port but since I did not find the information on Symantec I thought I should ask.
On the plus side my firewall is blocking it so my machines are not infected.
Merlin775
The only consistent thing about me is my lack of consistency
-
November 30th, 2004, 02:42 PM
#2
Senior Member
Scanning??? On a particular port???
What is that???
Anyways, you should say attempt to connect. It may be a backdoor; I don't think any known service or trojan uses it. Must be a new one. Try telnetting to 127.0.0.1 on port 34956; see if it is open on your PC. If it is not, maybe you didn't allow that particular application to access the internet. If it is open, find out what program is using that port.
Must be something new.
-
November 30th, 2004, 03:00 PM
#3
It looks like something new. Google didn't find much of an answer for me.
-
November 30th, 2004, 03:04 PM
#4
Senior Member
What was wrong with my answer, respected SDK sir? Can you please be kind enough to explain?
-
November 30th, 2004, 03:18 PM
#5
Dshield.org is also reporting a rise in scans on that port. It's unclear however what should be listening on that port.
Maybe someone modified an existing R.A.T. to listen on a different port?
Is that the only port a particular source IP is scanning?
If not, what other ports are being scanned (from the same source IP)?
Oliver's Law:
Experience is something you don't get until just after you need it.
-
November 30th, 2004, 03:46 PM
#6
It's unclear however what should be listening on that port.
AFAIK, port 34596 is unassigned.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
November 30th, 2004, 04:38 PM
#7
Originally posted here by jinxy
AFAIK, port 34596 is unassigned.
AFAIK IANA never assigned a port to a worm or RAT
Oliver's Law:
Experience is something you don't get until just after you need it.
-
November 30th, 2004, 04:44 PM
#8
AFAIK IANA never assigned a port to a worm or RAT
I meant it is not a known RAT port.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
November 30th, 2004, 05:53 PM
#9
Junior Member
What I have seen
My firewall logs are showing multiple IPs from around the world attempting to scan this port. I am currently noticing about ten entries a day with no obvious repeating of IPs. I am fairly sure that there have been repeat scans over this length of time but I don't know. I have not noticed one IP doing a range of scans on my system with this one included.
Merlin775
The only consistent thing about me is my lack of consistency
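
Added example, not posted by anyone in this thread: one way to answer the questions raised in posts #5 and #9 (hits per day on port 34956, repeat source IPs, and other ports probed by the same sources) directly from firewall logs. The iptables-style log format, the documentation-range addresses and the function name `summarize` are assumptions; the thread does not say which firewall produced the logs.

```python
import re
from collections import defaultdict

PORT = 34956  # the port discussed in this thread

# Constructed sample lines in an iptables-style LOG format (assumed format,
# documentation-range addresses; not real data from the thread).
SAMPLE_LOG = """\
Nov 28 03:14:07 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4021 DPT=34956
Nov 28 09:40:51 fw kernel: DROP IN=eth0 SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP SPT=1188 DPT=34956
Nov 28 09:40:52 fw kernel: DROP IN=eth0 SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP SPT=1189 DPT=135
Nov 29 11:02:33 fw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=3302 DPT=34956
Nov 29 17:25:10 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4410 DPT=34956
Nov 30 02:11:45 fw kernel: DROP IN=eth0 SRC=198.51.100.200 DST=203.0.113.5 PROTO=UDP SPT=53 DPT=1026
"""

# Capture: day ("Nov 28"), source IP, destination port.
LINE_RE = re.compile(r"^(\w{3}\s+\d+) \S+ .*?SRC=(\S+) .*?DPT=(\d+)")

def summarize(log_text, port=PORT):
    """Summarize blocked probes against `port` found in `log_text`."""
    per_day = defaultdict(int)        # day -> hits on the port
    hits_by_src = defaultdict(int)    # source IP -> hits on the port
    ports_by_src = defaultdict(set)   # source IP -> every dest port it probed
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a firewall drop line in the assumed format
        day, src, dpt = m.group(1), m.group(2), int(m.group(3))
        ports_by_src[src].add(dpt)
        if dpt == port:
            per_day[day] += 1
            hits_by_src[src] += 1
    return {
        "per_day": dict(per_day),
        "distinct_sources": len(hits_by_src),
        # Sources that came back for the same port more than once.
        "repeat_sources": sorted(s for s, n in hits_by_src.items() if n > 1),
        # Sources that hit the port AND something else (part of a wider sweep).
        "other_ports": {s: sorted(ports_by_src[s] - {port})
                        for s in hits_by_src if ports_by_src[s] != {port}},
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```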
-
November 30th, 2004, 06:29 PM
#10
Senior Member
Did you try tracing those IPs? The attacker might be using multiple proxies.