Firewall Wizards mailing list archives
Re: Port 788 (Was: hitting the "on" switch)
From: BVE <bve () quadrix com>
Date: 19 Sep 1997 19:24:00 -0000
From: kees () echelon nl (Kees Hendrikse) I'm puzzled by the following log entries from my Cisco (edited): Sep 3 21:46:13 tcp A.B.C.D(788) -> Z.Z.Z.116(2148), 1 packet [...etc...] In July and August only A.B.C.D was sending these packets; now I have two of them. Any ideas what these guys are trying to do? As far as I know, there are no well-known services using port 788. By the way, Z.Z.Z.116 has never been in active use. The key question, IMHO, is the ports they are contacting, not where they are coming from. According to the RFC: 1540: rds, 1560: asci-val, 1564:Pay-Per-View, 1596: radio-sm, 1600: issd, 1752, 2144, 2148, 2336, 2396, 2488: not registered Unfortunately, that doesn't really tell you very much. Does anyone know of any services which "unofficially" use these ports? My first guess is that these log entries represent probing of your site by someone.... -- -- Bill Van Emburg Phone: 732-235-2335 Quadrix Solutions, Inc. Fax: 732-235-2336 (bve () quadrix com) (http://quadrix.com) "You do what you want, and if you didn't, you don't"
Current thread:
- Port 788 (Was: hitting the "on" switch) Kees Hendrikse (Sep 18)
- Re: Port 788 (Was: hitting the "on" switch) Dave Roberts (Sep 19)
- Re: Port 788 (Was: hitting the "on" switch) BVE (Sep 19)
- <Possible follow-ups>
- RE: Port 788 (Was: hitting the "on" switch) Giesinger, Nick HE0 (Sep 19)