Security Incidents mailing list archives

RE: Scanning Port UDP 4668


From: Lucas <Lucas () dnsys com>
Date: Mon, 22 Jul 2002 11:36:34 -0500

I did all sorts of google searches and couldn't find anything known to run
on that port.  Are these just dropped packets being logged?  It could be
coming from streaming media content that picks from the dynamic port range.
If your firewall is using a form of dynamic packet filtering where it opens
temporary holes for sessions that originate on the inside, it's important to
remember that UDP sessions are approximated and a lot of packets can be
dropped.

See if there's a PTR DNS record for the source IP.  Also, check the source
IP's netblock ownership (WHOIS ARIN's database) to see if that might give
some clues.  http://www.arin.net/

If this doesn't help and you don't get any good info on that port,
get us all a network trace if possible or at the very least, the
syslog/firewall log.

-Lucas


-----Original Message-----
From: Ken Grossman [mailto:kgrossman () dazzling com]
Sent: Monday, July 22, 2002 8:47 AM
To: incidents () securityfocus com
Subject: Scanning Port UDP 4668

All,

One of the groups that I support has been seeing a lot of scanning for UDP
port 4668.  Before you ask, they did not quantify "a lot".  One of the
questions that they have is what are the scanners looking for that is
running on that port.  I checked the IANA port listing at
www.iana.org/assignments/port-numbers and found that the port number (TCP
and UDP) is unassigned.  I also performed a check on the SecurityFocus site
to see if this had been discussed before but found nothing on it.  Does
anyone know what could be running on that port number?  Thanks for your
assistance.


Ken Grossman, CISSP
kgrossman () dazzling com
(202) 401-7142


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
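
Added example, not part of the original thread: one way to act on the reply's suggestion to look at the firewall log, separating drops that are late replies to inside-originated UDP sessions from unsolicited packets to port 4668. The log format, the `10.` inside prefix, the `triage` function name and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a hypothetical log format; adapt the regex to your firewall.
SAMPLE_LOG = """\
2002-07-22T08:00:01 ALLOW UDP 10.0.0.5:4668 > 192.0.2.10:7070
2002-07-22T08:00:02 ALLOW UDP 192.0.2.10:7070 > 10.0.0.5:4668
2002-07-22T08:02:40 DROP UDP 192.0.2.10:7070 > 10.0.0.5:4668
2002-07-22T08:05:11 DROP UDP 198.51.100.7:31337 > 10.0.0.5:4668
2002-07-22T08:05:12 DROP UDP 198.51.100.7:31337 > 10.0.0.6:4668
2002-07-22T08:05:13 DROP UDP 198.51.100.7:31337 > 10.0.0.7:4668
2002-07-22T08:06:00 DROP UDP 198.51.100.7:31337 > 10.0.0.5:53
"""

LINE = re.compile(r"(\S+) (ALLOW|DROP) UDP (\S+):(\d+) > (\S+):(\d+)$")

def triage(log_text, port=4668, inside_prefix="10."):
    """Split dropped inbound UDP to `port` into late replies and unsolicited packets."""
    last_out = {}                    # (in_ip, in_port, out_ip, out_port) -> last outbound time
    late = []                        # (src_ip, seconds since the matching outbound packet)
    unsolicited = defaultdict(set)   # src_ip -> inside hosts it addressed on `port`
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, action, src, sport, dst, dport = m.groups()
        ts, sport, dport = datetime.fromisoformat(ts), int(sport), int(dport)
        if action == "ALLOW" and src.startswith(inside_prefix):
            # Remember inside-originated flows so a later drop can be matched to them.
            last_out[(src, sport, dst, dport)] = ts
        elif action == "DROP" and dport == port and dst.startswith(inside_prefix):
            sent = last_out.get((dst, dport, src, sport))
            if sent is not None:     # reversed 4-tuple seen earlier: state likely timed out
                late.append((src, int((ts - sent).total_seconds())))
            else:
                unsolicited[src].add(dst)
    return late, {ip: sorted(hosts) for ip, hosts in unsolicited.items()}

if __name__ == "__main__":
    late, unsolicited = triage(SAMPLE_LOG)
    for src, age in late:
        print(f"late reply from {src}, {age}s after last outbound packet")
    for src, hosts in unsolicited.items():
        print(f"unsolicited from {src} to {len(hosts)} inside hosts: {hosts}")
```

A source that appears only in the unsolicited set and touches several inside hosts is the one worth the PTR and WHOIS lookups mentioned in the reply.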
