Firewall Wizards mailing list archives

Port 788 (Was: hitting the "on" switch)


From: kees () echelon nl (Kees Hendrikse)
Date: Thu, 18 Sep 1997 23:39:55 +0200 (METDST)


Marcus J. Ranum wrote:

Anyhow, welcome to the list. The floor is yours.

Thank you :-)

I'm puzzled by the following log entries from my Cisco (edited):

Sep  3 21:46:13 tcp A.B.C.D(788) -> Z.Z.Z.116(2148), 1 packet
Sep  5 05:05:50 tcp A.B.C.D(788) -> Z.Z.Z.116(1596), 1 packet
Sep  5 18:35:16 tcp A.B.C.D(788) -> Z.Z.Z.116(1564), 1 packet
Sep  7 01:37:53 tcp A.B.C.D(788) -> Z.Z.Z.116(2144), 1 packet
Sep  7 08:30:54 tcp A.B.C.D(788) -> Z.Z.Z.116(2488), 1 packet
Sep  7 23:07:25 tcp A.B.C.D(788) -> Z.Z.Z.116(2336), 1 packet
Sep  8 05:35:11 tcp A.B.C.D(788) -> Z.Z.Z.116(1600), 1 packet
Sep  8 06:08:53 tcp A.B.C.D(788) -> Z.Z.Z.116(1540), 1 packet
Sep  9 01:32:47 tcp E.F.G.H(788) -> Z.Z.Z.116(1560), 1 packet
Sep  9 01:38:37 tcp E.F.G.H(788) -> Z.Z.Z.116(1560), 1 packet
Sep  9 19:56:37 tcp A.B.C.D(788) -> Z.Z.Z.116(1752), 1 packet
Sep 10 03:31:47 tcp A.B.C.D(788) -> Z.Z.Z.116(2396), 1 packet

In July and August only A.B.C.D was sending these packets; now I have
two of them. Any ideas what these guys are trying to do? As far as I
know, there are no well-known services using port 788.
By the way, Z.Z.Z.116 has never been in active use.

-- 
Kees Hendrikse                               | email:     kees () echelon nl
                                             |
ECHELON consultancy and software development | phone: +31 (0)53 48 36 585
PO Box 545, 7500AM Enschede, The Netherlands | fax:   +31 (0)53 43 37 415


