Connections to an unknown port
Results 1 to 5 of 5

Thread: Connections to an unknown port

  1. #1
    Member bradlesliect's Avatar
    Join Date
    Apr 2006
    Location
    CT - SA
    Posts
    74

    Unhappy Connections to an unknown port

    Hi All,

    I'm getting email logs from my router tellling me that a source on the internet is trying to connect to my router on port 45399. Does anyone know what this port is and what it does? Been searching the net and cannot find the answer?

    The source IP and port address changes all the time but on my side I've picked destination port numbers 45399, 61306

    Eg.

    UDP Packet - Source:XXX.XXX.XXX.227,50250 Destination:XXX.XXX.XXX.66,45399 - [DOS]
    TCP Packet - Source:XXX.XXX.XXX.132,6757 Destination:XXX.XXX.XXX.66,45399 - [DOS]

    What does this mean and how do I stop it? Is it media streaming happening via you tube perhaps?

    Thanks for help
    .....I rather not say....

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi Brad,

    As of 22 March 2010 all those ports were either registered but unassigned, or dynamic/private.

    I looked at a few malware port listings and none of them showed up there either.

    I do not believe that it has anything to do with Youtube, who would use port 80 I would guess?

    You might find out more if you look up the IP addresses of the source machines?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Member bradlesliect's Avatar
    Join Date
    Apr 2006
    Location
    CT - SA
    Posts
    74
    @Nihil

    ...thanks for feedback. I would check the source but the source IP keeps changing. I have a feeling that its malware running. The client uses bit torrent. He says he has stopped his downloads but I think it might still be running in the background.

    any other ideas?
    .....I rather not say....

  4. #4
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    scratch and sniff...

    seriously... run ur fav packet sniffer and take a look at the traffic.
    In God We Trust....Everything else we backup.

  5. #5
    Member
    Join Date
    Apr 2004
    Posts
    69
    My IPcop firewall gets attempts on those ports all the time (a lot of attempts in a short time period, from multiple IP address, from multiple countries). I suspect it's some botnet looking for machines infected with a certain malware that listens on those ports, or probably background noise. I haven't torrented in months.

Similar Threads

  1. Port List
    By ThePreacher in forum Miscellaneous Security Discussions
    Replies: 17
    Last Post: December 14th, 2006, 08:37 PM
  2. Help with Trojans!!!
    By Jubei_Yagyu_14 in forum Newbie Security Questions
    Replies: 19
    Last Post: February 19th, 2004, 07:42 PM
  3. ports
    By hatebreed2000 in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: March 14th, 2003, 05:36 AM
  4. My firewall block this attempt.. but need info
    By LordChaos in forum Firewall & Honeypot Discussions
    Replies: 19
    Last Post: October 4th, 2002, 11:58 AM
  5. Port list
    By Badassatchu in forum Other Tutorials Forum
    Replies: 13
    Last Post: March 23rd, 2002, 02:18 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides