
Two UDP Ports continuously try to dial to outside address


4 replies to this topic

#1 jwoollen


Posted 20 August 2010 - 05:48 PM

Logs from our firewall are generating messages that one workstation is regularly attempting to contact one of many IP addresses, though all the addresses are in the same subnet. (This is suspected since I don't have the mask.) Both the inside and outside machines are using one of two ports.
EX:
UDP outside 192.168.0.105:58357 inside 10.12.24.31:7788, idle 0:00:00, bytes 21, flags-
UDP outside 192.168.0.105:58356 inside 10.12.24.31:8877, idle 0:00:00, bytes 21, flags-

The corporate network engineer sent me a list of twenty such entries; I do not know the frequency of attempts or the time. I've written him, asking these questions, but it's Friday...

I thought the Symantec A/V was set up properly, but when I checked the History I found the Full Scan was being kicked off within seconds of starting.

I have run MalwareBytes as well as a few Glary utilities. I have not scanned with SAV yet. I'll probably do that while I wait for your response. (I want to run ComboFix and have run Defogger in anticipation.)

I just got this from the engineer: "It isn't using the VPN client it is trying to go across the point to point VPN that we have setup between the properties. You might want to run a virus scan on the box also." I'm attaching a portion of what he is seeing on the firewall. This Point to Point is over a T1 between here and Vegas.

I'm looking forward to hearing from you.

James Woollen



#2 Grinler

    Lawrence Abrams

Posted 24 August 2010 - 01:28 PM

Does look strange. Is the 192.168.0.105 your machine? If so, run tcpview on it and it should tell you what process is making these connections.
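
An added example, not part of the original posts: a Python script that parses firewall entries in the format quoted in post #1, groups them by outside address and inside port, and computes the smallest prefix covering the inside addresses, since the mask was not known. Only the first two sample lines come from the post; the others are constructed, and all function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Field layout copied from the two entries quoted in post #1.
CONN_RE = re.compile(
    r"^(?P<proto>UDP|TCP)\s+outside\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)"
    r"\s+inside\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+),"
    r"\s+idle\s+(?P<idle>[\d:]+),\s+bytes\s+(?P<bytes>\d+)")

# First two lines are from the post; the remaining lines are constructed.
SAMPLE = """\
UDP outside 192.168.0.105:58357 inside 10.12.24.31:7788, idle 0:00:00, bytes 21, flags-
UDP outside 192.168.0.105:58356 inside 10.12.24.31:8877, idle 0:00:00, bytes 21, flags-
UDP outside 192.168.0.105:58360 inside 10.12.24.47:7788, idle 0:00:02, bytes 21, flags-
UDP outside 192.168.0.105:58361 inside 10.12.24.9:8877, idle 0:00:05, bytes 21, flags-
this line is not a connection entry
"""

def parse_conns(text):
    """Return one dict per well-formed entry; silently skip anything else."""
    rows = []
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:  # ports and byte counts become ints, everything else stays a string
            rows.append({k: int(v) if v.isdigit() else v
                         for k, v in m.groupdict().items()})
    return rows

def smallest_common_network(addresses):
    """Smallest IPv4 prefix that contains every address in the iterable."""
    ips = [int(ipaddress.IPv4Address(a)) for a in addresses]
    prefix = 32 - (min(ips) ^ max(ips)).bit_length()  # shared leading bits
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(min(ips))}/{prefix}", strict=False)

def summarize(rows):
    """Group by (outside host, inside port): count, bytes, targets, source ports."""
    groups = defaultdict(lambda: {"count": 0, "bytes": 0, "targets": set(), "src_ports": set()})
    for r in rows:
        g = groups[(r["out_ip"], r["in_port"])]
        g["count"] += 1
        g["bytes"] += r["bytes"]
        g["targets"].add(r["in_ip"])
        g["src_ports"].add(r["out_port"])
    return dict(groups)

if __name__ == "__main__":
    rows = parse_conns(SAMPLE)
    for key, g in sorted(summarize(rows).items()):
        print(key, g["count"], "entries,", g["bytes"], "bytes, src ports", sorted(g["src_ports"]))
    print("inside targets fit in", smallest_common_network(r["in_ip"] for r in rows))
```

If the outside host turns out to be the workstation, the source ports collected per group are the local ports to look for in tcpview while the traffic is occurring.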

#3 cryptodan


Posted 05 September 2010 - 02:10 PM

Here is some information about port 7788:

http://findports.com/article/tom-clancys-hawx

Can't find information on port 8877

The 2 IPs in question are private LANs.

#4 jwoollen


Posted 06 September 2010 - 12:54 PM

No offense, but I was amazed when I had the reply on my computer this morning. I posted my issue more than a week ago...after spending a LONG time going through the proper way to post, etc. Again, no offense, minor annoyance.

I have not heard from the network engineer; I had asked him if the issue was still happening. His response time was modeled after yours. (Just kidding. ...Well, a little.)

I need to check with him and I'll let you know the status. I've run every utility I have except a registry cleaner I am afraid of (though it gets rave reviews: CCleaner) and ComboFix. If the issue is still happening, I might let you dial in, Lawrence.

PS No games are played on this computer; it is at the Front Desk of the resort.

Talk to you later,
James

#5 Grinler

    Lawrence Abrams

Posted 06 September 2010 - 08:22 PM

Now, now, I did respond to you on the 24th of August :thumbsup: