|
Posted by Ron on October 30, 2005, 4:44 am
My firewall is telling me that someone is scanning my UDP ports 1028,
1030, 1031, 1032, and 4297. Can anyone tell me what's so significant
about those ports, and what would happen if they were left unprotected?
Thanks.
Ron
|
|
Posted by Bit Twister on October 30, 2005, 8:23 am
On 30 Oct 2005 04:44:12 -0800, Ron wrote:
> My firewall is telling me that someone is scanning my UDP ports 1028,
> 1030, 1031, 1032, and 4297. Can anyone tell me what's so significant
> about those ports,
http://www.dshield.org//port_report.php?port=
http://isc.sans.org/port_details.php?port=
http://lists.thedatalist.com/portlist/lookup.php?port=
> and what would happen if they were left unprotected?
Leaving any inbound attempt port unprotected is asking for any type of
trouble and can change anytime the malware author/script kiddie wants
to change the payload.
|
|
Posted by Moe Trin on October 30, 2005, 12:30 pm
In the Usenet newsgroup alt.computer.security, in article
>My firewall is telling me that someone is scanning my UDP ports 1028,
>1030, 1031, 1032, and 4297.
Sounds like a "personal firewall" trying to impress you with useless
noise. The 102x/103x crap is typically spammers trying to send pop-up
advertisements (windoze Messenger service). They are not scanning, or
trying to connect or indeed do anything harmful other than getting you
to come to their website and use your credit card to buy some useless
crap. As for 4297 - who knows - it's a userland port that could be
just about anything.
Port numbers are not cast in stone. Certain services use what are known
as "well known ports" by default - so that users can find them. But
just because the well known port for DNS is 53, this does not prevent
someone from using port 53 on their computer for ANY service of any kind.
The Internet Police will not come and arrest him for doing so.
>Can anyone tell me what's so significant about those ports,
They are opportunities for spammers to find stupid customers.
>and what would happen if they were left unprotected?
You'd see something that looks like
SYSTEM
ALERT
Windows has encountered an Internal Error
Your windows registry is corrupted.
We recommend a complete system scan.
Visit
http://some.wankers.website To repair now!
that's the contents of a message seen on a packet sniffer I was using to
investigate a bandwidth problem. It's false for several reasons, first
and most obviously because it suggests going to some website nobody had
ever heard of (doing a whois search revealed the domain had been registered
only 23 hours earlier), and second because the sniffer doesn't run windoze.
There are few services using UDP that are needed. DNS queries (used to
translate hostnames to IP addresses and vice-versa) normally run on UDP
(random port on your side, 53 on the server), and that's about it. A
wide open windoze box is spewing from/to 137-139, and should be taken
off line until the user can figure out how to turn that crap off, but
that's pretty much it.
Old guy
|
|
Posted by Ron on October 31, 2005, 2:15 am
Thanks for the information, guys; it is much appreciated and it's nice
to know my firewall is doing its job. :-)
Ron
|
|
Posted by Jim Watt on November 1, 2005, 12:39 am
>Thanks, for the information guys; it is much appreciated and it's nice
>to know my firewall is doing it's job. :-)
Actually it isn't; it's getting you worried about a threat that is not
there; unless those ports are open, i.e. being listened to by a rogue
process on your computer, the fact that someone is scanning them
is pretty much immaterial.
What you really need to know is what is or is not running on your
machine.
--
Jim Watt
http://www.gibnet.com
|
|
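Added example, not part of any poster's message: one way to check whether anything on the local machine is actually listening on the UDP ports named in the firewall alert, by trying to bind each port. The function names are hypothetical, and the check covers IPv4 only.

```python
import errno
import socket

# Ports taken from the firewall alert quoted in the thread.
SCANNED_UDP_PORTS = [1028, 1030, 1031, 1032, 4297]


def udp_port_status(port, host="0.0.0.0"):
    """Return 'listening', 'restricted' or 'free' for a local UDP port.

    Tries to bind the port: if the bind fails with EADDRINUSE, some local
    process already holds it. Assumption: IPv4 only, so a listener bound
    solely to an IPv6 address is not detected.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind((host, port))
    except PermissionError:
        # The OS refused the bind (policy or exclusive use by another socket).
        return "restricted"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "listening"
        raise
    finally:
        sock.close()
    return "free"


def check_ports(ports=SCANNED_UDP_PORTS):
    """Map each port to its status so the result can be logged or compared."""
    return {port: udp_port_status(port) for port in ports}


if __name__ == "__main__":
    for port, status in check_ports().items():
        note = "  <- identify the owning process" if status == "listening" else ""
        print(f"udp/{port}: {status}{note}")
```

A port reported as "listening" is the case worth following up: the operating system's own tools (for example `netstat -ano` on Windows or `ss -ulpn` on Linux) show which process owns it.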