Security Basics mailing list archives

RE: Port 2848

From: "Dominick Sardina" <dsardina () si rr com>
Date: Wed, 18 Dec 2002 19:39:54 -0500

Hi nathan:

I think your right.

 
2847
 tcp/udp
 aimpp-port-req
 AIMPP Port Req
 
2848
 tcp/udp
 amt-blc-port
 AMT-BLC-PORT
 
2849
 tcp/udp
 fxp
 FXP
 

Hope this helps

DS-
 

-----Original Message-----
From: Nathan [mailto:nathan.grandbois () cerdant com] 
Sent: Wednesday, December 18, 2002 11:30 AM
To: Security Focus (E-mail)
Subject: Port 2848


I don't know if this is the proper forum for this question so if it's not
I'm sorry.

Appended is an excerpt of a log off of one of our firewalls. I think that
this guy is using AIM but I can't determine. The only thing I could come up
with for port 2847 is the AIMPP-Port Req (from all the port lists) and
nothing for 2848. 192.168.100.2 tries to connect to 206.204.212.226 on port
2847 then 2 minutes later to 206.204.52.98 on port 2848 then again to
206.204.212.226 13 minutes later and the pattern repeats. Do you think this
has anything to do with AIM or could it be some other software application
that uses these ports and the port listing for 2847 is not entirely correct?
12/16/2002 00:01:03.656 - TCP connection dropped - Source:192.168.100.2,
1333, LAN - Destination:206.204.52.98, 2848, WAN 12/16/2002 00:14:08.256 -
TCP connection dropped - Source:192.168.100.2, 1741, LAN -
Destination:206.204.212.226, 2847, WAN 12/16/2002 00:16:04.848 - TCP
connection dropped - Source:192.168.100.2, 1796, LAN -
Destination:206.204.52.98, 2848, WAN 12/16/2002 00:29:09.752 - TCP
connection dropped - Source:192.168.100.2, 2204, LAN -
Destination:206.204.212.226, 2847, WAN 12/16/2002 00:31:06.096 - TCP
connection dropped - Source:192.168.100.2, 2257, LAN -
Destination:206.204.52.98, 2848, WAN 12/16/2002 00:44:10.928 - TCP
connection dropped - Source:192.168.100.2, 2690, LAN -
Destination:206.204.212.226, 2847, WAN 12/16/2002 00:46:07.320 - TCP
connection dropped - Source:192.168.100.2, 2745, LAN -
Destination:206.204.52.98, 2848, WAN 12/16/2002 00:59:12.192 - TCP
connection dropped - Source:192.168.100.2, 3154, LAN -
Destination:206.204.52.98, 2847, WAN 12/16/2002 01:01:08.368 - TCP
connection dropped - Source:192.168.100.2, 3209, LAN -
Destination:206.204.52.98, 2848, WAN 12/16/2002 01:14:13.464 - TCP
connection dropped - Source:192.168.100.2, 3615, LAN -
Destination:206.204.212.226, 2847, WAN 12/16/2002 01:16:09.384 - TCP
connection dropped - Source:192.168.100.2, 3672, LAN -
Destination:206.204.212.226, 2848, WAN 12/16/2002 01:29:14.656 - TCP
connection dropped - Source:192.168.100.2, 4069, LAN -
Destination:206.204.52.98, 2847, WAN 12/16/2002 01:31:10.544 - TCP
connection dropped - Source:192.168.100.2, 4131, LAN -
Destination:206.204.212.226, 2848, WAN 12/16/2002 01:44:15.768 - TCP
connection dropped - Source:192.168.100.2, 4558, LAN -
Destination:206.204.52.98, 2847, WAN 12/16/2002 01:46:11.768 - TCP
connection dropped - Source:192.168.100.2, 4623, LAN -
Destination:206.204.212.226, 2848, WAN 12/16/2002 01:59:17.048 - TCP
connection dropped - Source:192.168.100.2, 1052, LAN -
Destination:206.204.212.226, 2847, WAN 12/16/2002 02:01:12.896 - TCP
connection dropped - Source:192.168.100.2, 1124, LAN -
Destination:206.204.52.98, 2848, WAN 12/16/2002 02:14:18.224 - TCP
connection dropped - Source:192.168.100.2, 1529, LAN -
Destination:206.204.212.226, 2847, WAN 12/16/2002 02:16:14.128 - TCP
connection dropped - Source:192.168.100.2, 1589, LAN -
Destination:206.204.52.98, 2848, WAN 12/16/2002 02:29:20.928 - TCP
connection dropped - Source:192.168.100.2, 1996, LAN -
Destination:206.204.52.98, 2847, WAN 12/16/2002 02:31:15.624 - TCP
connection dropped - Source:192.168.100.2, 2046, LAN -
Destination:206.204.212.226, 2848, WAN 12/16/2002 02:44:22.224 - TCP
connection dropped - Source:192.168.100.2, 2475, LAN -
Destination:206.204.212.226, 2847, WAN 12/16/2002 02:46:16.720 - TCP
connection dropped - Source:192.168.100.2, 2529, LAN -
Destination:206.204.212.226, 2848, WAN 12/16/2002 02:59:23.576 - TCP
connection dropped - Source:192.168.100.2, 2932, LAN -
Destination:206.204.52.98, 2847, WAN 12/16/2002 03:01:17.864 - TCP
connection dropped - Source:192.168.100.2, 2992, LAN -
Destination:206.204.52.98, 2848, WAN 12/16/2002 03:14:24.736 - TCP
connection dropped - Source:192.168.100.2, 3400, LAN -
Destination:206.204.212.226, 2847, WAN 12/16/2002 03:16:19.208 - TCP
connection dropped - Source:192.168.100.2, 3463, LAN -
Destination:206.204.212.226, 2848, WAN 12/16/2002 03:29:26.256 - TCP
connection dropped - Source:192.168.100.2, 3862, LAN -
Destination:206.204.212.226, 2847, WAN

Nathan Grandbois
Cerdant, Inc.
This message may contain confidential material and is intended only for the
person or entity to which it is addressed.  Any review, retransmission,
dissemination or other use of, or taking of any action by persons or
entities other than the intended recipient is prohibited.  If you are not
the intended recipient, please delete the information from your system and
contact the sender.
Current thread:

Port 2848 Nathan (Dec 18)
- RE: Port 2848 Dominick Sardina (Dec 19)
- RE: Port 2848 Mahoney, Paul (Dec 20)
- <Possible follow-ups>
- re: Port 2848 H C (Dec 19)
- RE: Port 2848 Mike Heitz (Dec 19)
- RE: Port 2848 Malin, Scott M (Dec 20)