[LINK] technical question: security alert
Kim Holburn
kim at holburn.net
Thu Mar 5 04:05:31 AEDT 2009
The standard is the IANA port list
http://www.iana.org/assignments/port-numbers
but this doesn't include the black ports list - ports used
"unofficially" by malware.
wikipedia has a list of common port numbers :
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
and says 6882 is bittorrent. If your ISP dynamically allocates you an
IP address and it changes every so often then it could be someone
trying a reach a bittorrent client that was previously at your IP
address. Alternatively it could be someone scanning for a bittorrent
client that has an exploitable vulnerability.
Normally with a log of inbound connections you should see a lot of
network and malware probes.
Kim
On 2009/Mar/04, at 1:24 AM, Jan Whitaker wrote:
> Fwd: NETGEAR Security Log [6d:c7:35]
>> Tue, 2009-03-03 06:53:47 - UDP Packet - Source:209.249.45.47,6882
>> Destination:121.44.211.10,38696 - [DOS]
>
> Can someone please translate this for me? I believe the Destination
> is my IP because I looked it up and it's one of the Internode ones.
> But I don't know what this all means and if it's dangerous or if it
> means my firewall is working.
>
> offlist replies please to not fill up the list.
>
> jwhit at janwhitaker.com
>
> Jan
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link
mailing list