Firewall Wizards mailing list archives
Re: port 17027
From: "Frank L. Heidt" <heidtf () psns navy mil>
Date: Wed, 12 Apr 2000 11:57:42 -0700
Ken et. al. What you have going on here is *likely* to be a new-ish version of pkzip (or some such freeware) calling' home to mama to get a popup banner to display during the execution of the app. This is pretty much a method of realizing some revenue on "free" software. I assume the boxes generating the traffic are running NT. Check out this link : http://www.pkware.com/sponsors.html for a more complete explanation. As one would expect, Robert Graham has a link describing this behavior on his fire wall FAQ ;-) http://www.robertgraham.com/pubs/firewall-seen.html Ken Fox wrote:
Has anyone seen heavy activity on port 17027 from boxes inside a firewall -- specifically, a number of users systems keep trying to send tcp packets to ip addresses in the 216.33.0.0 through 216.35.0.0 range with a desitination port of 17027. That address range is owned by exodus.net , and further the individuals IP addresses are owned by In the cases where we have contacted the owners of the systems sending these packets, they have been clearly clueless about the traffic emanating from thier computers. HAs anyone else seen this? Thanks, Ken
-- Frank L. Heidt (Heidtf () psns navy mil) Office: (360) 476-3735 Alpha Geek (Puget Sound Naval Shipyard Project) SRA Inc. Western Ops.
Current thread:
- port 17027 Ken Fox (Apr 10)
- Re: port 17027 S. Jonah Pressman (Apr 13)
- Re: port 17027 Frank L. Heidt (Apr 18)
- <Possible follow-ups>
- Re: port 17027 Robert Graham (Apr 13)
- Re: port 17027 Bill_Royds (Apr 18)
- Re: port 17027 Paul D. Robertson (Apr 20)
- Re: port 17027 ark (Apr 18)
- RE: port 17027 Ray, Garrett - Mclean (Apr 20)
- Re: port 17027 Bill_Royds (Apr 24)