Security Basics mailing list archives

RE: Increase in traffic on port 20480 and 6667


From: "Joey Teel" <joeyteel () cableone net>
Date: Thu, 17 Oct 2002 11:29:41 -0500

20480 is also commonly used by some multiplayer games for their server
ports.

-----Original Message-----
From: KoRe MeLtDoWn [mailto:koremeltdown () hotmail com] 
Sent: Tuesday, October 15, 2002 11:43 PM
To: kipsr1 () yahoo com; security-basics () securityfocus com
Subject: Re: Increase in traffic on port 20480 and 6667


Be informed that 6667 is also one of the most common ports for IRC
servers to run on....

Hamish Stanaway

-= KoRe WoRkS =- Internet Security
Owner/Operator
http://www.koreworks.com/

New Zealand

Is your box REALLY secure?





From: "Kip Sr." <kipsr1 () yahoo com>
To: security-basics () securityfocus com
Subject: Increase in traffic on port 20480 and 6667
Date: Thu, 10 Oct 2002 12:16:09 -0700 (PDT)

Hi there,

In the past few days, my IDS has been picking up
traffic coming from port 20480 (on Internet servers)
to port 6667 (internal desktops). Both ports are
commonly used by trojan horse programs. Has anyone
else seen this?

10/10-11:50:01.977897 204.x.x.x:20480 -> 192.168.0.199:6667
TCP TTL:255 TOS:0x10 ID:0 IpLen:20 DgmLen:195


Thanks,
Kip Sr.
