February 11th, 2005, 06:32 PM
Data coming for closed udp port
Recently ran my firewall (tiny pro, normally keep it off as i do manual monitoring)
And the activity monitor showed me
1) "Access on unopened udp port 16661" from a system in my subnet. Access was prevented. No application on my system is listening on this port. Searched on internet and found that this is used by a trojan HaxDoor. The destination address of this packet is broadcast (255.255.255.255). What could be the cause of this activity. Is the other system infected by this trojan.
2) "Access on unopened udp port 16889" from a system in my subnet. Access was prevented.
Found nothing on internet for this port. The packet is destined to xxx.xxx.xxx.255 (my subnet). What could be the reason for this activity.
3) "Access on unopened udp port 17401" from a system from different subnet. Access was prevented. What application is this port used for. Destination address of this packet yyy.yyy.yyy.255(different subnet).
What could be the reason for this activity. Is it a trojan advertising itself or something else.
Any steps to be taken for my system or is it a part of normal acitivity.
My OS is win2k pro sp4, no file sharing
February 11th, 2005, 07:21 PM
It's trojans or scanners looking for infected machines. I wouldn't worry about it since the ports are closed.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides