From: Charles Newman
Subject: Port 62396 connection
Date: Tue, 18 Jan 2005 19:50:42 -0800

My firewall recorded a connect attempt on port 62396. What is on that port? None of the various port databases have any information on that port. I cannot figure out what they would want on that high up a port.

From: dak
Subject: Re: Port 62396 connection
Date: Wed, 19 Jan 2005 15:01:18 -0600

On Tue, 18 Jan 2005 19:50:42 -0800, "Charles Newman" wrote:
> My firewall recorded a connect attempt on port 62396. What is on
> that port? None of the various port databases have any information on
> that port. I cannot figure out what they would want on that high up
> a port.
Port 62396 is the game update port for FreeBSD's gnubg (GNU Backgammon). You might want to poke around or if you want to know more.
-- dak My SpywareBlaster Custom Blocking List:

From: Moe Trin
Subject: Re: Port 62396 connection
Date: Thu, 20 Jan 2005 16:24:29 -0600

In article <6eitu0lfbukpep1vmq9f7ssghpjs3mb5tl@4ax.com>, dak wrote:
>On Tue, 18 Jan 2005 19:50:42 -0800, "Charles Newman" wrote:
>> My firewall recorded a connect attempt on port 62396. What is on
>> that port? None of the various port databases have any information on
>> that port.
You may wish to search the Usenet newsgroups, and sites of the various anti-malware companies to see if there is some 'malware du jour' that is hitting this or that port. A lot of less educated users see one or two hits to a port, and believe that World War III has kicked off, and scream to everyone that the sky is falling. Occasionally, there may actually be something of interest. Inbound connection attempts to this or that port often mean that some infected site is looking to see if your computer is also infected. You don't need to worry about that. What you _should_ be worried about is when you detect your computer trying to connect to OTHER computers on this or that port number.
> Port 62396 is the game update port for FreeBSD's gnubg (GNU
> Backgammon).
http://www.iana.org/assignments/port-numbers
[quote]
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151
The Dynamic and/or Private Ports are those from 49152 through 65535
[/quote]
Just because a port may be assigned, registered, or commonly associated with a specific service does not mean that all use of that port is restricted to that service. Ports below 1024 MAY be used for specific services, but the whole purpose of port registration is to give applications an idea where to _look_ for such services. You can run a mail server on port 79 if you'd like, but most systems are going to try to connect to it on port 25 as that is the normal port (just as 79 is _normally_ used by the 'finger' application). Ports above 1023 are an 'anything goes' situation, and are NORMALLY used by your computer to make outgoing connections. You _could_ run a service like mail, or a webserver, on these ports, but not that many people/systems would know to try to connect there. And I've yet to see a trojan or virus writer register the port his malware is using, much less never change to a different one. A lot of the time, I've seen client ports over about 60,000 as a result of NAT or masquerade.
Old guy

From: Michael J. Pelletier
Subject: Re: Port 62396 connection
Date: Tue, 18 Jan 2005 20:31:03 -0800

Charles Newman wrote:
> My firewall recorded a connect attempt on port 62396. What is on
> that port? None of the various port databases have any information on
> that port. I cannot figure out what they would want on that high up
> a port.
What was the source (the port the client was using) port? High end ports are used for dynamic connections on most OSes. For example, I connect to www.google.com. My port (my outgoing port) might be 45,003 connecting to www.google.com's port 80. Now there are two endpoints. My port, in this example 45,003, and google's web server operating on port 80....
Does that help?
-- Michael
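
A triage sketch for the advice in the two posts above: check the source port of an inbound hit, and treat connections your own machine initiates as the ones that matter. This is an added example, not part of the thread; the log format, local subnet, outbound allowlist and sample lines are all constructed assumptions.

```python
import ipaddress
import re

# IANA ranges as quoted in the thread.
RANGES = [(0, 1023, "well-known"), (1024, 49151, "registered"),
          (49152, 65535, "dynamic/private")]
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed local subnet
EXPECTED_OUT = {25, 53, 80, 110, 443}               # assumed site allowlist

# Constructed sample in a hypothetical format:
#   time action proto src_ip:src_port -> dst_ip:dst_port
SAMPLE_LOG = """\
2005-01-18T19:50:42 DROP TCP 203.0.113.7:80 -> 192.168.1.10:62396
2005-01-18T19:51:03 DROP TCP 198.51.100.23:4321 -> 192.168.1.10:135
2005-01-18T19:52:10 ALLOW TCP 192.168.1.10:45003 -> 203.0.113.7:80
2005-01-18T19:53:55 ALLOW TCP 192.168.1.10:45010 -> 198.51.100.99:62396
"""
LINE = re.compile(r"\S+ \w+ \w+ ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def port_range(port):
    for lo, hi, name in RANGES:
        if lo <= port <= hi:
            return name
    raise ValueError(f"not a valid port: {port}")

def triage(line):
    """Return (direction, dst_port, dst_range, verdict) or None if unparsed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport = m.groups()
    sport, dport = int(sport), int(dport)
    src_local = ipaddress.ip_address(src) in LOCAL_NET
    dst_local = ipaddress.ip_address(dst) in LOCAL_NET
    rng = port_range(dport)
    if src_local and not dst_local:
        # Locally initiated traffic: the case worth worrying about.
        verdict = "expected" if dport in EXPECTED_OUT else "investigate"
        return ("outbound", dport, rng, verdict)
    if dst_local and not src_local:
        # Heuristic: service port -> ephemeral port looks like a late reply.
        if rng != "well-known" and port_range(sport) == "well-known":
            return ("inbound", dport, rng, "possible late reply")
        return ("inbound", dport, rng, "unsolicited probe")
    return ("other", dport, rng, "not classified")

def triage_log(text):
    return [r for r in map(triage, text.splitlines()) if r is not None]
```

The "possible late reply" verdict is only a heuristic: a remote service answering after the firewall has forgotten the outbound connection looks like this, but so does a packet sent with a deliberately chosen source port.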