Security Basics mailing list archives

Re: Remote Connection questions


From: "S. Rohit" <s.rohit () usa net>
Date: Fri, 9 May 2003 00:56:58 +0800

Hi....

    By default the ICQ instant messenger uses port 1027 for establishing
connections. Also, 1027 tends to be pretty often selected by outbound clients
as a random source port.

rohit

----- Original Message ----- 
From: <chersk () 9-edge com>
To: <security-basics () securityfocus com>
Sent: Thursday, May 08, 2003 6:54 AM
Subject: Remote Connection questions




Hi,

I ran PortExplorer this afternoon, while I had no apps running, and I
noticed a Remote connection. The details are listed below. Since the IP
address is owned by the DOD, I was a little alarmed. Being very ignorant
on security and remote connections, I was wondering what I should do now,
if anything, and if I should be concerned.

I rebooted and have been checking PortExplorer, but the connection has not
been re-established. The time the connection was created was about the
time I booted up this morning.

Thanks

Jay



RemotePort 16396
148.20.191.1
UDP
Status Listening
LocalPort 1027
Packets Sent 0/0
Packets Received 0/0
Creation 07:48 07/05/2003
Process Svchost.exe


OrgName:    DoD Network Information Center
OrgID:      DNIC
Address:    7990 Science Applications Ct
Address:    M/S CV 50
City:       Vienna
StateProv:  VA
PostalCode: 22183-7000
Country:    US

NetRange:   148.10.0.0 - 148.50.255.255
CIDR:       148.10.0.0/15, 148.12.0.0/14, 148.16.0.0/12, 148.32.0.0/12,
148.48.0.0/15, 148.50.0.0/16
NetName:    ARMYCORP-BLOCKB
NetHandle:  NET-148-10-0-0-1
Parent:     NET-148-0-0-0-0
NetType:    Direct Allocation
Comment:    United States Army Signal Center
Comment:    Fort Gordon
Comment:     ATZH-CDM
Comment:    Fort Gordon, GA 30905-5000 US
RegDate:    1991-03-13
Updated:    1998-09-23

TechHandle: MIL-HSTMST-ARIN
TechName:   Network DoD, Network
TechPhone:  +1-703-676-1051
TechEmail:  HOSTMASTER () nic mil

OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName:   Network DoD, Network
OrgTechPhone:  +1-703-676-1051
OrgTechEmail:  HOSTMASTER () nic mil

# ARIN WHOIS database, last updated 2003-05-06 20:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
----------------------------------------------------------------------------





