
Thread: port vs attack name information source?

  1. #1
    Walter Roberson
    Guest

    port vs attack name information source?

    This is not -exactly- on topic for comp.security.firewalls, but
    comp.security.misc was given over to spam years ago, and
    news.admin.net-abuse.sightings was re-organized out of existence
    earlier this year. Please feel free to redirect me to a more
    appropriate (and still active) newsgroup.

    I would like to inquire as to good sites in which I can look up port
    numbers and see which attacks (trojan/virus) they are associated with.
    For example, my firewall logs show that since
    late on October 19, I've had over 155000 attempts to reach tcp 15057
    on my residential connection, but I cannot find any non-trivial
    information about what the port is used for.

    (It is within the realm of possibility that what I'm seeing is a
    randomly chosen port that got registered as an end-point by a
    distributed-processing program such as Skype; it's never easy to track
    such things without packet captures at the time of the original port
    registration.)

    One way or another, it would be easier if there were sites known to
    have fairly up-to-date information about port usage. For example, if
    it turns out to be a random distributed port, then *not* finding the
    port on the list of known attack ports would also give me information
    about what I was seeing in the logs.

    Thank you,
    Walter Roberson

  2. #2
    anders
    Guest

    Re: port vs attack name information source?

    Thu, 29 Oct 2009 08:31:39 -0700 wrote Walter Roberson:

    > I would like to inquire as to good sites in which I can look up port
    > numbers and see which attacks (trojan/virus) they are associated with.
    > For example, my firewall logs show that since late on October 19, I've
    > had over 155000 attempts to reach tcp 15057 on my residential
    > connection, but I cannot find any non-trivial information about what the
    > port is used for.


    It looks like the port is unassigned at:
    http://en.wikipedia.org/wiki/List_of...P_port_numbers

    Port 23399 is the default port number for Skype, but there is no law that
    says it has to be.

    I did Google a little (mumbling something about people that can't do their
    own... ;-) ) and came up empty-handed; neither www.sans.org nor www.iana.org
    seems to have the info you're looking for.
    At least Wikipedia has an incomplete list of port numbers and some
    references and somewhat useful links.
    /Anders


  3. #3
    Grant
    Guest

    Re: port vs attack name information source?

    On Thu, 29 Oct 2009 17:42:11 +0000 (UTC), anders <andersajja@hotmail.com> wrote:

    >Thu, 29 Oct 2009 08:31:39 -0700 wrote Walter Roberson:
    >
    >> I would like to inquire as to good sites in which I can look up port
    >> numbers and see which attacks (trojan/virus) they are associated with.
    >> For example, my firewall logs show that since late on October 19, I've
    >> had over 155000 attempts to reach tcp 15057 on my residential
    >> connection, but I cannot find any non-trivial information about what the
    >> port is used for.
    >
    >It looks like the port is unassigned at:
    >http://en.wikipedia.org/wiki/List_of...P_port_numbers


    If you're on Linux, see /usr/share/nmap/nmap-services -- but the only
    extra info there is open frequency:

    ~$ grep 15057 /usr/share/nmap/nmap-services
    unknown 15057/udp 0.000330

    In any case being hit at a particular port that you're not providing
    a service on simply means you drop or reject the probe. Knowing what
    the port is used for doesn't change your response to it :)

    Grant.
    --
    http://bugsplatter.id.au
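
Added example, not part of any post in this thread: a per-port tally of blocked probes annotated from an nmap-services style file, keyed on protocol as well as port so that tcp and udp entries for the same number stay separate and an unlisted port is reported as such. The iptables LOG-style input, the function names and the sample data are assumptions; only the 15057/udp line comes from the thread.

```shell
#!/bin/sh
# Added example. File layout assumed: nmap-services columns are
# name, port/proto, open-frequency; log lines are iptables LOG style.

# lookup_port PORT PROTO SERVICES_FILE -> "name frequency" or "not-listed"
lookup_port() {
    awk -v key="$1/$2" '
        /^#/ { next }                       # skip comment lines
        $2 == key { print $1, $3; found = 1; exit }
        END { if (!found) print "not-listed" }
    ' "$3"
}

# summarise_hits LOG SERVICES_FILE -> "count proto/port annotation" per line,
# busiest destination first. The protocol is part of the lookup key.
summarise_hits() {
    sed -n 's/.*PROTO=\([A-Z]*\).* DPT=\([0-9]*\).*/\1 \2/p' "$1" |
    tr 'A-Z' 'a-z' | sort | uniq -c | sort -rn |
    while read -r count proto port; do
        echo "$count $proto/$port $(lookup_port "$port" "$proto" "$2")"
    done
}

# write_samples DIR: constructed data; only the 15057/udp entry is from the thread.
write_samples() {
    printf '# constructed sample\nssh\t22/tcp\t0.100000\nunknown\t15057/udp\t0.000330\n' > "$1/services"
    pfx='Oct 20 00:00:01 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5'
    {
        for n in 1 2 3; do echo "$pfx PROTO=TCP SPT=4000$n DPT=15057"; done
        for n in 1 2;   do echo "$pfx PROTO=UDP SPT=5000$n DPT=15057"; done
        echo "$pfx PROTO=TCP SPT=60001 DPT=22"
    } > "$1/fw.log"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
summarise_hits "$demo_dir/fw.log" "$demo_dir/services"
```

Against a real system, pass the firewall log and /usr/share/nmap/nmap-services in place of the sample files.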
