Security Incidents mailing list archives

Connect thru PIX & ports 1727, 2209, 9200


From: JNelson () CMCCONTROLS COM (CL: Nelson, Jeff)
Date: Thu, 27 Jan 2000 16:16:12 -0500


Hello,

This is my first contribution to this list. Recently, going through my
syslogs, I found an individual that has, apparently, successfully initiated
a connection through our PIX. I thought this was a bit surprising. They then
proceeded to send 1 UDP/1727 packet to every one of our external IP
addresses (only 1 class C subnet) to port 9200.

During this walkabout they also tried to send UDP/1727 to a variety of our
private network addresses on port 9200. I am wondering how they were able to
detect these addresses. Of course, I'm wondering how they established the
connection through the PIX.

Once the individual was done the connection was torn down. Then, they start
back up again (with a new connection built through the firewall) except this
time, they are sending their UDP packet from port 2209.

Are any of you familiar with these ports or what is going on?

One last bit of info, the internal system that they established the
connection with is my syslog monitor (PrivateI, NT4.0, SP3). If it wasn't
personal enough that they seem to have compromised me a bit, they had to do
it with one of my own systems.

Cheers,

Jeff

:::::::::::
Jeffrey L. Nelson
Network Manager
Cleveland Motion Controls
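
The sweep described in the message above (one UDP packet per address, a fixed destination port, a changing source port, and private addresses among the targets) can be pulled out of firewall logs by counting distinct destinations per source and destination port. This is an added example, not part of the original post; the log line shape, the addresses and the `min_targets` threshold are constructed assumptions, not real PIX output.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed line shape (constructed for this example, not real PIX output):
#   "... UDP from <src_ip>/<src_port> to <dst_ip>/<dst_port>"
LINE_RE = re.compile(r"UDP from ([\d.]+)/(\d+) to ([\d.]+)/(\d+)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # malformed address in the log line
        return False
    return any(ip in net for net in RFC1918)

def find_udp_sweeps(lines, min_targets=20):
    """Flag sources that touch many distinct addresses on one UDP port."""
    targets = defaultdict(set)    # (src_ip, dst_port) -> destination IPs
    src_ports = defaultdict(set)  # (src_ip, dst_port) -> source ports seen
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, sport, dst, dport = m.groups()
        targets[(src, int(dport))].add(dst)
        src_ports[(src, int(dport))].add(int(sport))
    findings = []
    for (src, dport), dsts in sorted(targets.items()):
        if len(dsts) >= min_targets:
            findings.append({
                "source": src, "dst_port": dport, "target_count": len(dsts),
                "source_ports": sorted(src_ports[(src, dport)]),
                # Private addresses named by an outside source deserve a look
                "rfc1918_targets": sorted(d for d in dsts if is_rfc1918(d)),
            })
    return findings

def build_sample_log():
    """Constructed sample: two passes over a /24 plus a few private targets."""
    src, lines = "198.51.100.7", []
    for sport in (1727, 2209):
        for host in range(1, 255):
            lines.append(f"Deny inbound UDP from {src}/{sport} to 203.0.113.{host}/9200")
    for dst in ("10.0.0.5", "10.0.0.9", "192.168.1.20"):
        lines.append(f"Deny inbound UDP from {src}/1727 to {dst}/9200")
    lines.append("Deny inbound UDP from 198.51.100.99/53 to 203.0.113.10/1025")
    return lines
```

Calling `find_udp_sweeps(build_sample_log())` returns a single finding for the sweeping source; the one-off packet from the second source stays below the threshold.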

