Need Help. TCP Port 3717

oakfan52
Regular Member
Posts: 159
Joined: Wed Jan 03, 2001 12:00 am
Location: Elk Grove

Post by oakfan52 »

I need some help with identifying what just happened to me. My internet connection was basically brought to a halt. I can't find any information on TCP port 3717. Here is a sample from the netstat that I ran during the problem:

Active Connections

Proto Local Address Foreign Address State
TCP Enterprise:http tc1-188.gigonet.com:4963 LAST_ACK
TCP Enterprise:http 242-142-107-12-pbg-ny.dialin.westelcom.com:2597 LAST_ACK
TCP Enterprise:http 65-120-99-96.velocity.net:2158 LAST_ACK
TCP Enterprise:http 0-1pool131-197.nas8.knoxville1.tn.us.da.qwest.net:2500 LAST_ACK
TCP Enterprise:http 66.168.92.204:2579 LAST_ACK
TCP Enterprise:http dialup-67.30.190.17.dial.boston1.level3.net:2006 LAST_ACK
TCP Enterprise:http host-67-35-38-221.asm.bellsouth.net:2420 LAST_ACK
TCP Enterprise:http 1cust61.tnt3.salem.or.da.uu.net:2767 LAST_ACK
TCP Enterprise:http ac81e987.ipt.aol.com:2981 LAST_ACK
TCP Enterprise:http ac823606.ipt.aol.com:1478 LAST_ACK
TCP Enterprise:http ac830f77.ipt.aol.com:1598 LAST_ACK
TCP Enterprise:http ac83328a.ipt.aol.com:2617 LAST_ACK
TCP Enterprise:http ac8458df.ipt.aol.com:4092 LAST_ACK
TCP Enterprise:http ac870790.ipt.aol.com:1570 LAST_ACK
TCP Enterprise:http ac8bdee8.ipt.aol.com:1285 LAST_ACK
TCP Enterprise:http ac90ccab.ipt.aol.com:2236 LAST_ACK
TCP Enterprise:http ac919a25.ipt.aol.com:2703 LAST_ACK
TCP Enterprise:http ac92e76a.ipt.aol.com:2563 LAST_ACK
TCP Enterprise:http ac940e26.ipt.aol.com:2514 LAST_ACK
TCP Enterprise:http ac9abbd7.ipt.aol.com:3409 LAST_ACK
TCP Enterprise:http ac9f56b1.ipt.aol.com:4152 LAST_ACK
TCP Enterprise:http aca25b61.ipt.aol.com:1582 LAST_ACK
TCP Enterprise:http aca2e520.ipt.aol.com:3731 LAST_ACK
TCP Enterprise:http acb4728a.ipt.aol.com:1741 LAST_ACK
TCP Enterprise:http acc34ab2.ipt.aol.com:3170 LAST_ACK
TCP Enterprise:http acc353df.ipt.aol.com:4287 LAST_ACK
TCP Enterprise:http du229098.wel.ptd.net:4192 LAST_ACK
TCP Enterprise:http dsc11-chf-il-3-176.rasserver.net:2741 LAST_ACK
TCP Enterprise:http max5s-65.sowega.net:1934 LAST_ACK
TCP Enterprise:http ppp340-hnvrpa.netrax.net:3814 LAST_ACK
TCP Enterprise:http dialin-clp-213-170-168-114.ewetel.net:2815 LAST_ACK
TCP Enterprise:http archon-216-68-35-219.fuse.net:2650 LAST_ACK
TCP Enterprise:http host-216-76-216-66.dab.bellsouth.net:2503 LAST_ACK
TCP Enterprise:http host-216-79-223-58.chs.bellsouth.net:1713 LAST_ACK
TCP Enterprise:http mid-tgn-noo-vty16.as.wcom.net:3948 LAST_ACK
TCP Enterprise:3030 205.188.7.194:5190 ESTABLISHED
TCP Enterprise:3039 64.12.27.63:5190 ESTABLISHED
TCP Enterprise:3087 205.188.8.247:5190 ESTABLISHED
TCP Enterprise:3717 c5800-10-bis.p181.btigate.com:3393 LAST_ACK
TCP Enterprise:3717 sju-12-16-46-74.prw.net:2162 LAST_ACK
TCP Enterprise:3717 12.31.193.194:21167 LAST_ACK
TCP Enterprise:3717 sju-12-41-135-175.prw.net:1678 LAST_ACK
TCP Enterprise:3717 slip-12-65-48-143.mis.prserv.net:3771 LAST_ACK
TCP Enterprise:3717 40.nashville-01rh15rt.tn.dial-access.att.net:2128 LAST_ACK
TCP Enterprise:3717 150.seattle-13-14rs.wa.dial-access.att.net:1145 LAST_ACK
TCP Enterprise:3717 203.houston-29rh15rt.tx.dial-access.att.net:2656 LAST_ACK
TCP Enterprise:3717 30.phoenix-11-12rs.az.dial-access.att.net:1407 LAST_ACK
TCP Enterprise:3717 211.denver-07rh16rt.co.dial-access.att.net:1672 LAST_ACK
TCP Enterprise:3717 85.dallas-40rh15rt-tx.dial-access.att.net:4251 LAST_ACK
TCP Enterprise:3717 143.newark-12rh16rt.nj.dial-access.att.net:4367 LAST_ACK
TCP Enterprise:3717 80.pittsburgh-04rh15rt.pa.dial-access.att.net:1536 LAST_ACK
TCP Enterprise:3717 12.104.112.25:4458 LAST_ACK
TCP Enterprise:3717 tc1-184.gigonet.com:3980 LAST_ACK
TCP Enterprise:3717 tc2-219.gigonet.com:2771 LAST_ACK
TCP Enterprise:3717 mod302.ezclick.net:4914 LAST_ACK
TCP Enterprise:3717 ras026.fretel.com:1688 LAST_ACK
TCP Enterprise:3717 12.110.244.28:1648 LAST_ACK
TCP Enterprise:3717 ascend1.salisbury.net:1125 LAST_ACK
TCP Enterprise:3717 12-215-82-178.client.mchsi.com:2420 LAST_ACK
TCP Enterprise:3717 12-218-132-197.client.mchsi.com:4404 LAST_ACK
TCP Enterprise:3717 12-220-130-111.client.insightbb.com:2239 LAST_ACK
TCP Enterprise:3717 12-222-102-216.client.insightbb.com:3254 LAST_ACK
TCP Enterprise:3717 24.247.65.101.up.mi.chartermi.net:4882 LAST_ACK
TCP Enterprise:3717 1cust42.tnt9.corpus-christi3.tx.da.uu.net:3288 LAST_ACK
TCP Enterprise:3717 ppp176mag.magnolia-net.com:3037 LAST_ACK
TCP Enterprise:3717 63.147.106.25:2826 LAST_ACK
TCP Enterprise:3717 vmax164-181.maxen.sowega.net:1809 LAST_ACK
TCP Enterprise:3717 63.175.172.149:3913 LAST_ACK
TCP Enterprise:3717 63.238.31.11:3137 LAST_ACK
TCP Enterprise:3717 169-82-syr-ny.dialin.a-315.westelcom.com:1590 LAST_ACK
TCP Enterprise:3717 s86.dial1.sne.nac.net:1985 LAST_ACK
TCP Enterprise:3717 115stb39.codetel.net.do:2541 LAST_ACK
TCP Enterprise:3717 dialup-64.158.114.198.dial1.pittsburgh1.level3.net:3982 LAST_ACK
TCP Enterprise:3717 adsl-64-164-36-105.dsl.scrm01.pacbell.net:1760 LAST_ACK
TCP Enterprise:3717 adsl-64-166-211-84.dsl.lsan03.pacbell.net:2338 LAST_ACK
TCP Enterprise:3717 cblo-cm:2177 LAST_ACK
TCP Enterprise:3717 adsl-65-67-181-119.dsl.wcfltx.swbell.net:3841 LAST_ACK
TCP Enterprise:3717 104-111.sulross.edu:4204 LAST_ACK
TCP Enterprise:3717 65.127.120.57:3026 LAST_ACK
TCP Enterprise:3717 0-1pool140-148.nas12.nashville1.tn.us.da.qwest.net:2336 LAST_ACK
TCP Enterprise:3717 01-019.011.popsite.net:2128 LAST_ACK
TCP Enterprise:3717 gtf-66.109.134.140.gtf.montana.com:1025 LAST_ACK
TCP Enterprise:3717 adsl-66-136-212-58.dsl.austtx.swbell.net:4340 LAST_ACK
TCP Enterprise:3717 ppp-66-140-98-188.dialup.lbcktx.swbell.net:3850 LAST_ACK
TCP Enterprise:3717 homecomputer.pc.ashlandfiber.net:2433 LAST_ACK
TCP Enterprise:3717 67.1.189.71:2708 LAST_ACK
TCP Enterprise:3717 0-1pool155-68.nas10.tempe1.az.us.da.qwest.net:2638 LAST_ACK
TCP Enterprise:3717 dialup-67.27.79.220.dial1.washington1.level3.net:1477 LAST_ACK
TCP Enterprise:3717 dialup-67.28.62.143.dial1.omaha1.level3.net:4737 LAST_ACK
TCP Enterprise:3717 dialup-67.30.197.193.dial1.atlanta1.level3.net:1668 LAST_ACK
TCP Enterprise:3717 67.36.16.168:3085 LAST_ACK
TCP Enterprise:3717 1cust145.tnt4.corpus-christi3.tx.da.uu.net:1927 LAST_ACK
TCP Enterprise:3717 1cust248.tnt1.columbus.ga.da.uu.net:1713 LAST_ACK
TCP Enterprise:3717 1cust185.tnt39.bos2.da.uu.net:3369 LAST_ACK
TCP Enterprise:3717 1cust152.tnt1.stafford.tx.da.uu.net:4570 LAST_ACK
TCP Enterprise:3717 adsl-68-22-155-236.dsl.klmzmi.ameritech.net:2381 LAST_ACK
TCP Enterprise:3717 user-69-1-17-174.knology.net:2953 LAST_ACK
TCP Enterprise:3717 gprs1.vodafone.hu:44681 LAST_ACK
TCP Enterprise:3717 140.88.66.84:3050 LAST_ACK
TCP Enterprise:3717 ppp-pm04-dy-07.cd1.dialup.oakland.edu:3384 LAST_ACK
TCP Enterprise:3717 dup-148-221-84-192.prodigy.net.mx:3310 LAST_ACK
TCP Enterprise:3717 dup-148-233-227-221.prodigy.net.mx:1938 LAST_ACK
TCP Enterprise:3717 customermty-148-244-141-121.alestra.net.mx:2383 LAST_ACK
TCP Enterprise:3717 148.246.150.77:1836 LAST_ACK
TCP Enterprise:3717 user-2injro1.dialup.mindspring.com:4188 LAST_ACK
TCP Enterprise:3717 dialup-166.90.45.154.dial1.sanfrancisco1.level3.net:1753 LAST_ACK
TCP Enterprise:3717 dip13-ppp-251.bu.edu:1278 LAST_ACK
TCP Enterprise:3717 168-215-108-39.gen.twtelecom.net:2473 LAST_ACK
TCP Enterprise:3717 ac8008e1.ipt.aol.com:2747 LAST_ACK
TCP Enterprise:3717 ac81576b.ipt.aol.com:4622 LAST_ACK
TCP Enterprise:3717 ac818d60.ipt.aol.com:1783 LAST_ACK
TCP Enterprise:3717 ac81a69b.ipt.aol.com:4783 LAST_ACK
TCP Enterprise:3717 ac81d183.ipt.aol.com:1611 LAST_ACK
TCP Enterprise:3717 ac81d56a.ipt.aol.com:1308 LAST_ACK
TCP Enterprise:3717 ac81d876.ipt.aol.com:1310 LAST_ACK
TCP Enterprise:3717 ac82ace1.ipt.aol.com:4567 LAST_ACK
TCP Enterprise:3717 ac82af39.ipt.aol.com:1331 LAST_ACK
TCP Enterprise:3717 ac835bcc.ipt.aol.com:4455 LAST_ACK
TCP Enterprise:3717 ac84ad66.ipt.aol.com:3262 LAST_ACK
TCP Enterprise:3717 ac84c5de.ipt.aol.com:1638 LAST_ACK
TCP Enterprise:3717 ac8500fc.ipt.aol.com:3873 LAST_ACK
TCP Enterprise:3717 ac853e58.ipt.aol.com:2186 LAST_ACK
TCP Enterprise:3717 ac86589f.ipt.aol.com:1228 LAST_ACK
TCP Enterprise:3717 ac86dd18.ipt.aol.com:1341 LAST_ACK
TCP Enterprise:3717 ac86f6e1.ipt.aol.com:2355 LAST_ACK
TCP Enterprise:3717 ac8745c6.ipt.aol.com:1495 LAST_ACK
TCP Enterprise:3717 ac8779a5.ipt.aol.com:2854 LAST_ACK
TCP Enterprise:3717 ac878db7.ipt.aol.com:1876 LAST_ACK
TCP Enterprise:3717 ac879aa8.ipt.aol.com:4038 LAST_ACK
TCP Enterprise:3717 ac87b1be.ipt.aol.com:2812 LAST_ACK
TCP Enterprise:3717 ac888418.ipt.aol.com:3012 LAST_ACK
TCP Enterprise:3717 ac88b611.ipt.aol.com:3313 LAST_ACK
TCP Enterprise:3717 ac895ab6.ipt.aol.com:3795 LAST_ACK
TCP Enterprise:3717 ac89ba37.ipt.aol.com:4626 LAST_ACK
TCP Enterprise:3717 ac8a7dc9.ipt.aol.com:1586 LAST_ACK
TCP Enterprise:3717 ac8abb20.ipt.aol.com:1741 LAST_ACK
TCP Enterprise:3717 ac8acc30.ipt.aol.com:1196 LAST_ACK
TCP Enterprise:3717 ac8ad0e7.ipt.aol.com:2611 LAST_ACK
TCP Enterprise:3717 ac8b7540.ipt.aol.com:2024 LAST_ACK
TCP Enterprise:3717 ac8b76be.ipt.aol.com:2181 LAST_ACK
TCP Enterprise:3717 ac8bf3b7.ipt.aol.com:1681 LAST_ACK
TCP Enterprise:3717 ac8bfb3e.ipt.aol.com:3170 LAST_ACK
TCP Enterprise:3717 ac8bfee2.ipt.aol.com:1292 LAST_ACK
TCP Enterprise:3717 ac8c6fa7.ipt.aol.com:2454 LAST_ACK


It went on and on.
fredra
Advanced Member
Posts: 847
Joined: Mon Mar 20, 2000 12:00 am
Location: Nepean, On, Canada

Post by fredra »

Hi oakfan52
Try this, then let us know.

:(
A man with a watch knows what time it is. A man with two watches is never sure.
oakfan52
Regular Member
Posts: 159
Joined: Wed Jan 03, 2001 12:00 am
Location: Elk Grove

Post by oakfan52 »

It says it's an unassigned TCP port. Couldn't find any Trojans that use that port. I run NAV with auto updates daily. Slim chance it's a virus/trojan.
greEd
Posts: 807
Joined: Wed May 09, 2001 12:00 am
Location: Maryland

Post by greEd »

I can't say for certain, but I'll put money on the table saying you experienced a DDoS (dee-dos) attack. Considering most of the ports left in LAST_ACK state are not used for specific purposes, and with that many left in that state from many different locations proves this. LAST_ACK is where you are waiting for the ACK to come back in response to your FIN.

kind regards,
greEd
"I'm doing a (free) operating system (just a hobby, won't be big and professional...) for AT clones... It's not portable and it probably [won't ever] support anything other than AT hard disks, as that's all I have :-(." --Posted on Usenet August 1991 by Linus Torvalds
http://www.computerglitch.net
curiosity builds security | dd if=/dev/zero of=/dev/hda bs=512 count=100
EOF
fredra
Advanced Member
Posts: 847
Joined: Mon Mar 20, 2000 12:00 am
Location: Nepean, On, Canada

Post by fredra »

Thanks greEd ...much appreciated.
:)
A man with a watch knows what time it is. A man with two watches is never sure.
cyberskye
Senior Member
Posts: 4717
Joined: Wed Jan 10, 2001 12:00 am
Location: DC

Post by cyberskye »

Notice how many (apparently) dial-up accounts are listed. Some scrkiddie is comin at ya. You should be nicer on IRC - j/k

Seriously, once you're done examining this you can send an email to abuse@[theirdomain], attach the log, and they can block/notify their customers. You could ask your ISP to block whole blocks but that's probably not what you really want.

Good Luck,

Skye
anything is possible - nothing is free

:wth:
Blisster wrote:It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)
:wth:
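The triage described in the replies above (count how many distinct remote hosts sit in LAST_ACK per local port, then group them by provider so one abuse report goes to each), as an added example that is not part of the original thread. The sample rows are constructed with documentation-reserved names and addresses; `summarize`, `abuse_groups` and the threshold of 3 are hypothetical names and values.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same layout as the netstat output in the thread
# (documentation-reserved names and addresses, not the poster's data).
SAMPLE = """\
Active Connections

Proto Local Address Foreign Address State
TCP Enterprise:http dial-12.isp-a.example.net:4963 LAST_ACK
TCP Enterprise:3030 192.0.2.10:5190 ESTABLISHED
TCP Enterprise:3717 dial-31.isp-a.example.net:3393 LAST_ACK
TCP Enterprise:3717 ppp-7.isp-b.example.com:2162 LAST_ACK
TCP Enterprise:3717 198.51.100.25:21167 LAST_ACK
TCP Enterprise:3717 dial-44.isp-a.example.net:1678 LAST_ACK
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)\s*$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse(text):
    """Yield (local_port, remote_host, state) for each TCP row; skip headers."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(2), m.group(3), m.group(5)

def summarize(text, state="LAST_ACK", threshold=3):
    """Local ports with >= threshold distinct remote hosts stuck in `state`."""
    peers = defaultdict(set)
    for port, host, st in parse(text):
        if st == state:
            peers[port].add(host)
    return {p: len(h) for p, h in peers.items() if len(h) >= threshold}

def abuse_groups(text, local_port):
    """Count remote hosts per provider domain, for one abuse report each.
    Assumption: the last two DNS labels approximate the provider domain
    (wrong for suffixes such as .co.uk); bare IPs need a whois lookup."""
    groups = Counter()
    for port, host, _ in parse(text):
        if port == local_port:
            key = "unresolved-ip" if IPV4.match(host) else ".".join(host.split(".")[-2:])
            groups[key] += 1
    return dict(groups)

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(abuse_groups(SAMPLE, "3717"))
```

Running `netstat -n` instead of plain `netstat` skips reverse DNS, so every remote shows as an IP and lands in the `unresolved-ip` bucket until it is mapped to a provider.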
oakfan52
Regular Member
Posts: 159
Joined: Wed Jan 03, 2001 12:00 am
Location: Elk Grove

Post by oakfan52 »

The whole problem with DDoS is that it's very difficult to track. I could report this to their domain, but most of the attacks come from computers which are victims of attack themselves. Sigh =\. No big deal, better me than eBay again. lol