NFR Wizards Archive

Re: Port 788 (Was: hitting the "on" switch)


BVE (bvequadrix.com)
19 Sep 1997 19:24:00 -0000


   From: keesechelon.nl (Kees Hendrikse)

   I'm puzzled by the following log entries from my Cisco (edited):
   Sep 3 21:46:13 tcp A.B.C.D(788) -> Z.Z.Z.116(2148), 1 packet
        [...etc...]

   In July and August only A.B.C.D was sending these packets; now I have
   two of them. Any ideas what these guys are trying to do? As far as I
   know, there are no well-known services using port 788.
   By the way, Z.Z.Z.116 has never been in active use.

The key question, IMHO, is the ports they are contacting, not where they are
coming from. According to the RFC: 1540: rds, 1560: asci-val,
1564: Pay-Per-View, 1596: radio-sm, 1600: issd,
1752, 2144, 2148, 2336, 2396, 2488: not registered

Unfortunately, that doesn't really tell you very much. Does anyone know of any
services which "unofficially" use these ports? My first guess is that these
log entries represent probing of your site by someone....

-- 
Bill Van Emburg              Phone: 732-235-2335
Quadrix Solutions, Inc.      Fax:   732-235-2336
(bvequadrix.com)             (http://quadrix.com)
"You do what you want, and if you didn't, you don't"
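
An added example, not part of the original message: a short Python triage script for router log lines in the format quoted above, grouping entries by source and source port so the contacted destination ports can be reviewed together. The sample lines are constructed, the addresses are documentation ranges standing in for A.B.C.D and Z.Z.Z.116, and the `summarize` function and its field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the thread; documentation
# addresses stand in for the edited A.B.C.D and Z.Z.Z.116 values.
SAMPLE_LOG = """\
Sep  3 21:46:13 tcp 192.0.2.10(788) -> 198.51.100.116(2148), 1 packet
Sep  3 21:52:40 tcp 192.0.2.10(788) -> 198.51.100.116(1540), 1 packet
Sep  4 02:10:05 tcp 192.0.2.10(788) -> 198.51.100.116(2336), 1 packet
Sep  4 09:31:17 tcp 203.0.113.7(788) -> 198.51.100.116(1600), 1 packet
Sep  4 09:40:02 tcp 203.0.113.7(788) -> 198.51.100.116(1752), 2 packets
Sep  4 11:00:00 tcp 192.0.2.55(1029) -> 198.51.100.20(25), 4 packets
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\)\s+->\s+"
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\),\s+(?P<count>\d+)\s+packets?$"
)

def summarize(log_text, unused_hosts=frozenset()):
    """Group entries by (source, source port) and collect what each contacted."""
    groups = defaultdict(lambda: {"dports": set(), "dsts": set(), "packets": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in other formats
        g = groups[(m["src"], int(m["sport"]))]
        g["dports"].add(int(m["dport"]))
        g["dsts"].add(m["dst"])
        g["packets"] += int(m["count"])
    report = []
    for (src, sport), g in sorted(groups.items()):
        report.append({
            "src": src, "sport": sport,
            "dports": sorted(g["dports"]),
            "packets": g["packets"],
            # True when every destination is an address never in active use
            "only_unused_dsts": g["dsts"] <= set(unused_hosts),
            # True when one source port was reused against several destination ports
            "fixed_sport_many_dports": len(g["dports"]) > 1,
        })
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, unused_hosts={"198.51.100.116"}):
        print(row)
```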



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:08:58 CDT