Security Incidents mailing list archives
Re: Port probe on 6666
From: Ed Padin <epadin () WAGWEB COM>
Date: Thu, 27 Jul 2000 17:52:47 -0400
I know that webtv can use a local ISP for dialup so that it has to get an IP address that way. For normal access tho, they go through so megaproxies the same way the AOL users do. I had one of these for a little while to quickly check emails and stuff from the web. It became pretty lame after a while because they never updated the technology.... anywhoo, I would ignore these errant UDP scans, especially when you have just acquired and IP address through some dialup. There's all sorts of garbage floatin around in cyberspace. If some one keeps actively probing, pinging, poking and prodding then maybe you can be a little concerned. In the meantime, get a copy of blackice or some other firewall software. if you're using a *nix flavor then find ipfw, ipfwadm or ip chains.
-----Original Message----- From: Vachon, Scott [mailto:Scott.Vachon () PAYMENTECH COM] Sent: Thursday, July 27, 2000 8:47 AM To: INCIDENTS () SECURITYFOCUS COM Subject: Port probe on 6666 I hope this is the right forum for posting this. I had an attempt to connect to one of my systems last night and I am interested in opinions/insight from the incidents group. Information captured: An attempt was made to connect to port 6666 from the below listed IP address: notify-108.iap.bryant.webtv.net 209.240.199.146 on port 6666 UDP port 36063. I contacted the security folks at WebTV (Microsoft) and received the following response: There is a common misunderstanding concerning UDP Port 6666 probes. When WebTV Clients obtain an IP Address they are registered with that IP-Address in our system and stay registered until a timeout threshold is reached or are re-registered with a different IP-Address (whichever comes first.) If another system (Non-WebTV) obtains this same IP-Address previously used by a WebTV Client it may receive packets from our notify service attempting to tell the WebTV client it has mail. *** Security Analyst Microsoft Questions: 1) What is port 6666 (UDP port 36063) used for, if anything ? 2) Since the affected host (non WebTV) is not on the WebTV network, why would WebTV assume my host had been assigned an IP used formerly by one of their hosts ? 3) Has anyone else had this same experience from a WebTV host or service ? Thanks in advance. Scott Vachon Network Implementations Engineer Computer Network Services Paymentech, Inc.
Current thread:
- Port probe on 6666 Vachon, Scott (Jul 27)
- Re: Port probe on 6666 Bill Pennington (Jul 28)
- Re: Port probe on 6666 George H. Kyle IV (Jul 28)
- <Possible follow-ups>
- Re: Port probe on 6666 Ed Padin (Jul 28)