Big port attack tonight

531 Views 2 Replies 3 Participants Last post by  Shock96
I'm getting mondo hits on port 40132 from all kinds of random looking addresses. My router is eating them all so it's not a danger to me, but something weird is going on. I looked around and I don't see any info on that port. Anyone know what they would be trying to talk to? I checked and I've got nothing listening on that port.
Status
Not open for further replies.
1 - 3 of 3 Posts
Must be just you. The storm center levels are low.
http://isc.sans.org//port_details.php?port=40132
Here is a bit of info on what you are seeing.

Port number: 40132

Common name(s): client-port on Red Hat Linux 9.0, Fedora Core 1, Red Hat Enterprise 3

Common service(s): client

Service description(s): Outgoing client connections from systems.

Common server(s): RPC based services, Windows Messaging Service.

Common client(s): All client software (SSH, Web clients, etc.)

Common problem(s): Insecure client software

Encrypted options: Not applicable

Secure options: Not applicable

Firewalling recommendations: Block inbound connections to client ports, allow outgoing connections and returning packets (keep state)

Attack detection: As a general rule data coming in to client ports that is not part of an established connection is likely an attack. Exceptions exist of course, such as FTP, various instant messenger protocols, file sharing protocols, IRC's DCC, and so on.

Might be general TCP traffic, but not likely. Someone is probably scanning your IP range.

Other related ports: 32768

Other notes: Port 32768 is the first port used by the operating system for outbound connections, thus it is likely you will see outbound connections from port 32768 and up. If you run netstat on Red Hat Linux or UNIX you will see something like:

[[email protected] web]# netstat -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp   0      0      0.0.0.0:80       0.0.0.0:*        LISTEN
tcp   0      0      10.2.3.4:32768   10.3.4.5:22      ESTABLISHED
tcp   0      0      10.2.3.4:32769   10.9.3.4:80      ESTABLISHED

Mike
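
The "keep state" rule and the attack-detection heuristic quoted in the post above, sketched as an added example that is not part of any post in this thread: it flags inbound packets to client ports (32768 and up) that match no outbound flow, then counts distinct sources per port. The log format, the addresses in `SAMPLE_LOG` and the function names are constructed for illustration.

```python
from collections import Counter

EPHEMERAL_START = 32768  # first outbound (client) port, per the note quoted in the thread

# Constructed sample log, hypothetical format: direction proto src dst tcp-flags
SAMPLE_LOG = """\
OUT TCP 10.2.3.4:32768 10.3.4.5:22 SYN
IN TCP 10.3.4.5:22 10.2.3.4:32768 SYN,ACK
IN TCP 198.51.100.7:51514 10.2.3.4:40132 SYN
IN TCP 203.0.113.9:40022 10.2.3.4:40132 SYN
IN UDP 192.0.2.44:6881 10.2.3.4:40132 -
OUT TCP 10.2.3.4:32769 10.9.3.4:80 SYN
IN TCP 10.9.3.4:80 10.2.3.4:32769 SYN,ACK
IN TCP 203.0.113.9:40023 10.2.3.4:80 SYN
"""

def unsolicited_inbound(log_text):
    """Inbound packets to client ports that match no flow opened from inside."""
    flows = set()   # (proto, local endpoint, remote endpoint); teardown is not tracked
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        direction, proto, src, dst, _flags = line.split()
        if direction == "OUT":
            flows.add((proto, src, dst))
            continue
        dport = int(dst.rsplit(":", 1)[1])
        if dport < EPHEMERAL_START:
            continue  # server ports are a separate allow-list decision
        if (proto, dst, src) not in flows:
            # Active FTP, DCC and similar exceptions would also land here.
            hits.append((src.rsplit(":", 1)[0], dport, proto))
    return hits

def summarize(hits):
    """Per destination port: packet count and number of distinct source addresses."""
    counts = Counter(port for _, port, _ in hits)
    sources = {}
    for ip, port, _ in hits:
        sources.setdefault(port, set()).add(ip)
    return {port: (counts[port], len(sources[port])) for port in counts}

if __name__ == "__main__":
    for port, (packets, srcs) in summarize(unsolicited_inbound(SAMPLE_LOG)).items():
        print(f"port {port}: {packets} unsolicited packets from {srcs} sources")
```

Many distinct sources hitting one client port with no matching outbound flow is the pattern the first post describes; replies to the two outbound connections and the hit on port 80 are not flagged.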