Firewall Wizards mailing list archives

Re: Port 788 (Was: hitting the "on" switch)


From: BVE <bve () quadrix com>
Date: 19 Sep 1997 19:24:00 -0000


   From: kees () echelon nl (Kees Hendrikse)

   I'm puzzled by the following log entries from my Cisco (edited):
   Sep  3 21:46:13 tcp A.B.C.D(788) -> Z.Z.Z.116(2148), 1 packet
        [...etc...]

   In July and August only A.B.C.D was sending these packets; now I have
   two of them. Any ideas what these guys are trying to do? As far as I
   know, there are no well-known services using port 788.
   By the way, Z.Z.Z.116 has never been in active use.

The key question, IMHO, is the ports they are contacting, not where they are
coming from.  According to the RFC: 1540: rds, 1560: asci-val,
1564: Pay-Per-View, 1596: radio-sm, 1600: issd,
1752, 2144, 2148, 2336, 2396, 2488: not registered

Unfortunately, that doesn't really tell you very much.  Does anyone know of any
services which "unofficially" use these ports?  My first guess is that these
log entries represent probing of your site by someone....
-- 

                                     -- Bill Van Emburg
Phone: 732-235-2335                     Quadrix Solutions, Inc.
Fax:   732-235-2336                     (bve () quadrix com)
                                        (http://quadrix.com)
        "You do what you want, and if you didn't, you don't"
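
The triage discussed in this message, sketched as an added example (not code from the original post or its author): it parses entries in the quoted Cisco format, groups them by source and source port, and labels destination ports with the names listed in the reply. The sample lines and documentation-range addresses are constructed, and `summarize` and `unused_hosts` are hypothetical names.

```python
import re
from collections import defaultdict

# Port names exactly as listed in the reply; any other port is "not registered".
PORT_NAMES = {1540: "rds", 1560: "asci-val", 1564: "Pay-Per-View",
              1596: "radio-sm", 1600: "issd"}

# Matches the edited Cisco entry quoted in the message:
#   Sep  3 21:46:13 tcp A.B.C.D(788) -> Z.Z.Z.116(2148), 1 packet
ENTRY = re.compile(
    r"^\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+(?P<proto>\w+)\s+"
    r"(?P<src>[^\s(]+)\((?P<sport>\d+)\)\s+->\s+"
    r"(?P<dst>[^\s(]+)\((?P<dport>\d+)\),\s+(?P<count>\d+)\s+packets?\s*$")

# Constructed sample input (placeholder addresses, not data from the thread).
SAMPLE = """\
Sep  3 21:46:13 tcp 192.0.2.10(788) -> 198.51.100.116(2148), 1 packet
Sep  3 21:52:40 tcp 192.0.2.10(788) -> 198.51.100.116(1540), 1 packet
     [...etc...]
Sep  4 02:10:05 tcp 192.0.2.10(788) -> 198.51.100.116(2488), 2 packets
Sep  4 02:11:37 tcp 203.0.113.7(788) -> 198.51.100.116(1600), 1 packet
Sep  4 09:30:00 tcp 203.0.113.7(788) -> 198.51.100.20(1564), 1 packet
""".splitlines()

def summarize(lines, unused_hosts):
    """Group entries by (source, source port) and describe what each one touched."""
    groups = defaultdict(lambda: {"dports": set(), "dsts": set(), "packets": 0})
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a packet-count entry, e.g. the "[...etc...]" elision
        g = groups[(m["src"], int(m["sport"]))]
        g["dports"].add(int(m["dport"]))
        g["dsts"].add(m["dst"])
        g["packets"] += int(m["count"])
    report = {}
    for key, g in groups.items():
        report[key] = {
            "packets": g["packets"],
            "dports": {p: PORT_NAMES.get(p, "not registered")
                       for p in sorted(g["dports"])},
            # Traffic aimed only at addresses that never hosted anything is not
            # a reply to anything a local host sent, so it merits a closer look.
            "only_unused_targets": g["dsts"] <= set(unused_hosts),
        }
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE, {"198.51.100.116"}).items():
        print(src, info)
```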


