Router log shows port 1026 activity?

Router log shows port 1026 activity?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Router log shows port 1026 activity? Reverse first and last names 05-08-2006
Posted by Reverse first and last names on May 8, 2006, 12:46 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
My router logs are showing a lot of messages similar to the following:

ICMP: Dest Unreachable Port Unreachable, LOCAL source
XX.xx.xxx.xxx:2502 (UDP), original dest 64.108.188.246:1026

Where the Xs are my IP address. As I understand it, port 1026 is the
Windows Messenger port and is the subject of a lot of pop-up spam. I
run virus protection on all my computers and can't find any trojans or
bots on my computers.

I am probably getting about 2-3 of these messages a minute logged on
my router. Do I need to be worried about them? As I understand it, it
is easy to spoof a local source address. I am assuming that someone
has spoofed my address and I am just getting a bounce-back error
message. Is this correct?

FYI, according to DShield, another IP address that I "own" is getting
logged as sending out these requests. I don't even have that IP
address hooked up to a computer, so again I am assuming a spoofed
source address. Am I correct?

Thanks,
Jay

Posted by Sebastian Gottschalk on May 8, 2006, 12:56 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Reverse first and last names wrote:
> My router logs are showing a lot of messages similar to the following:
>
> ICMP: Dest Unreachable Port Unreachable, LOCAL source
> XX.xx.xxx.xxx:2502 (UDP), original dest 64.108.188.246:1026
>
> Where the Xs are my IP address. As I understand it, port 1026 is the
> Windows Messenger port and is the subject of a lot of pop-up spam.

Or a randomly assigned unprivilegded port. Hardly interesting.

> FYI, according to DShield, another IP address that I "own" is getting
> logged as sending out these requests. I don't even have that IP
> address hooked up to a computer, so again I am assuming a spoofed
> source address

Well, that's way more interesting. Do you have any capture of sniffed
network traffic?

Similar ThreadsPosted
UDP Port 1025 activity March 14, 2006, 9:05 am
Unknown svchost.exe DNS port 53 network activity December 20, 2006, 4:09 pm
Constant activity my connection August 4, 2004, 7:46 am
Suspicious n/a network activity October 19, 2005, 6:31 am
IE shows ".url" extension!. January 17, 2006, 1:32 pm
Constant HD activity when Sygate is running February 2, 2005, 5:55 pm
ANN: PC Activity Monitor Professional 7.4 released March 17, 2005, 7:07 am
Firewall activity display program May 25, 2007, 2:24 pm
Re: ZoneAlarm warning: MSN trying to monitor user activity July 13, 2006, 10:16 am
Firewall shows ports being used in sqeuence December 5, 2005, 9:28 am

The site map in XML format XML site map

Contact Us | Privacy Policy