Firewall Wizards mailing list archives
Re: Port 1443
From: john_smith () rd qms com
Date: Fri, 09 Oct 98 11:14:50 -0600
Hello All, One source I've used to try to track down those hard to find IP addresses is: http://ipindex.dragonstar.net/ Can be a good starting point. According to that site the 207.112.128.0 - 207.112.255.0 block is allocated to NAP.NET, LLC (netblk-cnap-nn03). Have a good day (or night:). John Smith QMS, Inc. ______________________________ Reply Separator _________________________________ Subject: Port 1443 Author: "Justin Clift" <vapour () digitaldistribution com> at Internet-Mail Date: 10/9/98 3:44 PM Hiyas, One of our users is running ConSEAL PC Firewall on her PC. She has a dial-up modem connection, on a standalone PC. As of yesterday, it is reporting outgoing TCP connection attempts to 207.112.156.42 on Port 1443, but the source port on her PC is incrementing by one on every failed attempt. There is a new attempt around every 10 to 20 seconds, whilst she is online only though. I am unable to resolve who that IP belongs to, and I'm wondering if anyone knows if this may be a trojan or something as simple as registration confirmation. Does anyone know of a way on Win95 to find out which process/application is initiating these connection attempts? I haven't gone to the stage of removing the machine, and then spoofing the target IP on a standalone dial-in system to find out what it does when it connects just yet.... + Justin Clift Digital Distribution www.digitaldistribution.com
Current thread:
- Port 1443 Justin Clift (Oct 09)
- Re: Port 1443 Peter J. Cherny (Oct 13)
- <Possible follow-ups>
- Re: Port 1443 john_smith (Oct 13)
- Port 1443 Justin Clift (Oct 14)