Firewall Wizards mailing list archives
port 17027
From: "Ken Fox" <kenfox () starlinx com>
Date: Thu, Mar 30 2000 18:17:13 GMT-0500
Has anyone seen heavy activity on port 17027 from boxes inside a firewall -- specifically, a number of users systems keep trying to send tcp packets to ip addresses in the 216.33.0.0 through 216.35.0.0 range with a desitination port of 17027. That address range is owned by exodus.net , and further the individuals IP addresses are owned by %rwhois V-1.5:003fff:00 rwhois.exodus.net (by Network Solutions, Inc. V-1.5.3) network:Auth-Area:216.33.0.0/16 network:Class-Name:network network:Network-Name:216.33.208.0 network:IP-Network:216.33.208.0/20 network:Organization;I:DIALTONE INTERNET network:Address-1;I:18331 Pines Blvd network:Address-2;I:Pembroke Pines, FL 33029 network:Admin-Contact;I:DNS () DIALTONEINTERNET NET network:Tech-Contact;I:DNS () DIALTONEINTERNET NET network:Created:99-MAY-20 network:Updated-By:dave This company provides Datacenter capabilities. Co-location ... We have been hypothesizing that this could be some ICQ type app or some malicious bug that someone(s) has/have caught by surfing in the wrong places. In the cases where we have contacted the owners of the systems sending these packets, they have been clearly clueless about the traffic emanating from thier computers. HAs anyone else seen this? Thanks, Ken
Current thread:
- port 17027 Ken Fox (Apr 10)
- Re: port 17027 S. Jonah Pressman (Apr 13)
- Re: port 17027 Frank L. Heidt (Apr 18)
- <Possible follow-ups>
- Re: port 17027 Robert Graham (Apr 13)
- Re: port 17027 Bill_Royds (Apr 18)
- Re: port 17027 Paul D. Robertson (Apr 20)
- Re: port 17027 ark (Apr 18)
- RE: port 17027 Ray, Garrett - Mclean (Apr 20)
- Re: port 17027 Bill_Royds (Apr 24)