March 30th, 2010, 09:28 AM
Connections to an unknown port
I'm getting email logs from my router tellling me that a source on the internet is trying to connect to my router on port 45399. Does anyone know what this port is and what it does? Been searching the net and cannot find the answer?
The source IP and port address changes all the time but on my side I've picked destination port numbers 45399, 61306
UDP Packet - Source:XXX.XXX.XXX.227,50250 Destination:XXX.XXX.XXX.66,45399 - [DOS]
TCP Packet - Source:XXX.XXX.XXX.132,6757 Destination:XXX.XXX.XXX.66,45399 - [DOS]
What does this mean and how do I stop it? Is it media streaming happening via you tube perhaps?
Thanks for help
.....I rather not say....
March 30th, 2010, 01:06 PM
As of 22 March 2010 all those ports were either registered but unassigned, or dynamic/private.
I looked at a few malware port listings and none of them showed up there either.
I do not believe that it has anything to do with Youtube, who would use port 80 I would guess?
You might find out more if you look up the IP addresses of the source machines?
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
March 30th, 2010, 03:35 PM
...thanks for feedback. I would check the source but the source IP keeps changing. I have a feeling that its malware running. The client uses bit torrent. He says he has stopped his downloads but I think it might still be running in the background.
any other ideas?
.....I rather not say....
March 30th, 2010, 03:48 PM
scratch and sniff...
seriously... run ur fav packet sniffer and take a look at the traffic.
In God We Trust....Everything else we backup.
March 31st, 2010, 02:48 PM
My IPcop firewall gets attempts on those ports all the time (a lot of attempts in a short time period, from multiple IP address, from multiple countries). I suspect it's some botnet looking for machines infected with a certain malware that listens on those ports, or probably background noise. I haven't torrented in months.
By ThePreacher in forum Miscellaneous Security Discussions
Last Post: December 14th, 2006, 09:37 PM
By Jubei_Yagyu_14 in forum Newbie Security Questions
Last Post: February 19th, 2004, 08:42 PM
By hatebreed2000 in forum AntiOnline's General Chit Chat
Last Post: March 14th, 2003, 06:36 AM
By LordChaos in forum Firewall & Honeypot Discussions
Last Post: October 4th, 2002, 12:58 PM
By Badassatchu in forum Other Tutorials Forum
Last Post: March 23rd, 2002, 03:18 AM