Security Basics mailing list archives

RE: Port 2848


From: "Mike Heitz" <mikeheitz () upshotmail com>
Date: Wed, 18 Dec 2002 14:15:46 -0600

Forgot to "Reply to All"...

Nathan,

Using VisualRoute on my PC I checked those 3 IPs. They are all
gateways at Symantec. It looks like what you are seeing is possibly
Norton Antivirus' LiveUpdate going out to try and check for updates...
that's just a guess on my part.

mike heitz ** sr it manager ** UPSHOT
312-943-0900 x5190

-----Original Message-----
From: Nathan [mailto:nathan.grandbois () cerdant com] 
Sent: Wednesday, December 18, 2002 10:30 AM
To: Security Focus (E-mail)
Subject: Port 2848

I don't know if this is the proper forum for this question so if it's
not I'm sorry.

Appended is an excerpt of a log off of one of our firewalls. I think
that this guy is using AIM but I can't determine. The only thing I could
come up with for port 2847 is the AIMPP-Port Req (from all the port
lists) and nothing for 2848. 192.168.100.2 tries to connect to
206.204.212.226 on port 2847 then 2 minutes later to 206.204.52.98 on
port 2848 then again to 206.204.212.226 13 minutes later and the pattern
repeats. Do you think this has anything to do with AIM or could it be
some other software application that uses these ports and the port
listing for 2847 is not entirely correct?

12/16/2002 00:01:03.656 - TCP connection dropped - Source:192.168.100.2, 1333, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 00:14:08.256 - TCP connection dropped - Source:192.168.100.2, 1741, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 00:16:04.848 - TCP connection dropped - Source:192.168.100.2, 1796, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 00:29:09.752 - TCP connection dropped - Source:192.168.100.2, 2204, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 00:31:06.096 - TCP connection dropped - Source:192.168.100.2, 2257, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 00:44:10.928 - TCP connection dropped - Source:192.168.100.2, 2690, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 00:46:07.320 - TCP connection dropped - Source:192.168.100.2, 2745, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 00:59:12.192 - TCP connection dropped - Source:192.168.100.2, 3154, LAN - Destination:206.204.52.98, 2847, WAN
12/16/2002 01:01:08.368 - TCP connection dropped - Source:192.168.100.2, 3209, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 01:14:13.464 - TCP connection dropped - Source:192.168.100.2, 3615, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 01:16:09.384 - TCP connection dropped - Source:192.168.100.2, 3672, LAN - Destination:206.204.212.226, 2848, WAN
12/16/2002 01:29:14.656 - TCP connection dropped - Source:192.168.100.2, 4069, LAN - Destination:206.204.52.98, 2847, WAN
12/16/2002 01:31:10.544 - TCP connection dropped - Source:192.168.100.2, 4131, LAN - Destination:206.204.212.226, 2848, WAN
12/16/2002 01:44:15.768 - TCP connection dropped - Source:192.168.100.2, 4558, LAN - Destination:206.204.52.98, 2847, WAN
12/16/2002 01:46:11.768 - TCP connection dropped - Source:192.168.100.2, 4623, LAN - Destination:206.204.212.226, 2848, WAN
12/16/2002 01:59:17.048 - TCP connection dropped - Source:192.168.100.2, 1052, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 02:01:12.896 - TCP connection dropped - Source:192.168.100.2, 1124, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 02:14:18.224 - TCP connection dropped - Source:192.168.100.2, 1529, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 02:16:14.128 - TCP connection dropped - Source:192.168.100.2, 1589, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 02:29:20.928 - TCP connection dropped - Source:192.168.100.2, 1996, LAN - Destination:206.204.52.98, 2847, WAN
12/16/2002 02:31:15.624 - TCP connection dropped - Source:192.168.100.2, 2046, LAN - Destination:206.204.212.226, 2848, WAN
12/16/2002 02:44:22.224 - TCP connection dropped - Source:192.168.100.2, 2475, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 02:46:16.720 - TCP connection dropped - Source:192.168.100.2, 2529, LAN - Destination:206.204.212.226, 2848, WAN
12/16/2002 02:59:23.576 - TCP connection dropped - Source:192.168.100.2, 2932, LAN - Destination:206.204.52.98, 2847, WAN
12/16/2002 03:01:17.864 - TCP connection dropped - Source:192.168.100.2, 2992, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 03:14:24.736 - TCP connection dropped - Source:192.168.100.2, 3400, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 03:16:19.208 - TCP connection dropped - Source:192.168.100.2, 3463, LAN - Destination:206.204.212.226, 2848, WAN
12/16/2002 03:29:26.256 - TCP connection dropped - Source:192.168.100.2, 3862, LAN - Destination:206.204.212.226, 2847, WAN

Nathan Grandbois
Cerdant, Inc.
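An added example, not part of either message above: one way to measure the repeating pattern in the quoted firewall excerpt is to group dropped connections by source and destination port and look at the gaps between them. The function names, the regular expression and the 5-second jitter threshold are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# First eight entries of the firewall excerpt quoted above, one entry per line.
SAMPLE_LOG = """\
12/16/2002 00:01:03.656 - TCP connection dropped - Source:192.168.100.2, 1333, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 00:14:08.256 - TCP connection dropped - Source:192.168.100.2, 1741, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 00:16:04.848 - TCP connection dropped - Source:192.168.100.2, 1796, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 00:29:09.752 - TCP connection dropped - Source:192.168.100.2, 2204, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 00:31:06.096 - TCP connection dropped - Source:192.168.100.2, 2257, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 00:44:10.928 - TCP connection dropped - Source:192.168.100.2, 2690, LAN - Destination:206.204.212.226, 2847, WAN
12/16/2002 00:46:07.320 - TCP connection dropped - Source:192.168.100.2, 2745, LAN - Destination:206.204.52.98, 2848, WAN
12/16/2002 00:59:12.192 - TCP connection dropped - Source:192.168.100.2, 3154, LAN - Destination:206.204.52.98, 2847, WAN
"""

ENTRY = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - (?P<event>[^-]+?) - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), \w+ - "
    r"Destination:(?P<dst>[\d.]+), (?P<dport>\d+), \w+"
)

def parse(log):
    """Yield (timestamp, src, dst, dport) for each recognised entry; skip the rest."""
    for m in ENTRY.finditer(log):
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f")
        yield ts, m["src"], m["dst"], int(m["dport"])

def periodicity(log, max_jitter=5.0, min_events=3):
    """Per (source, destination port): gap statistics; max_jitter is an assumed cutoff."""
    times, dsts = defaultdict(list), defaultdict(set)
    for ts, src, dst, dport in parse(log):
        times[(src, dport)].append(ts)
        dsts[(src, dport)].add(dst)
    report = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few events to say anything about regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[key] = {
            "events": len(stamps),
            "mean_gap_s": round(mean(gaps), 1),
            "jitter_s": round(pstdev(gaps), 1),
            "periodic": pstdev(gaps) <= max_jitter,
            "destinations": sorted(dsts[key]),
        }
    return report
```

On these entries each port recurs about every 901 seconds with sub-second jitter, and port 2847 is tried against both destination addresses, which is the kind of regularity a timer-driven client produces rather than a person at a keyboard.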

