TCP/IP Protocol Search Result
| Protocol/Port | TCP/7 |
|---|---|
| Description | echo - Echo TCP - Scan: you will see lots of these from people looking for fraggle amplifiers sent to addresses of x.x.x.0 and x.x.x.255. A common DoS attack is an echo-loop, where the attacker forges a UDP packet from one machine and sends it to the other, then both machines bounce packets off each other as fast as they can. Another common thing seen is TCP connections to this port by DoubleClick. They use a product called "Resonate Global Dispatch" that connects to this port on DNS servers in order to locate the closest one. See RFC 862 ***
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/113 |
| Description | ident - The Identification Protocol (see RFC 1413) - Scan: This is a protocol that runs on many machines that identifies the user of a TCP connection. In standard usage this reveals a LOT of information about a machine that hackers can exploit. However, it is used by loggers in a lot of services, especially FTP, POP, IMAP, SMTP, and IRC servers. In general, if you have any clients accessing these services through a firewall, you will see incoming connection attempts on this port. Note that if you block this port, clients will perceive slow connections to e-mail servers on the other side of the firewall. Many firewalls support sending back a RST on the TCP connection as part of the blocking procedure, which will stop these slow connections. ***
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/153 |
| Description | sgmp - SGMP (Simple Gateway Monitoring Protocol) - A precursor to SNMP. It is very obsolete, so if you see something on the SGMP port 153, then it is likely to be some other protocol. See RFC 1052, 1028
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/1984 |
| Description | bb - Big Brother - Monitoring software - See http://maclawran.ca/bb-dnld
Note: This protocol has been used in attacks |
| Protocol/Port | UDP/3544 |
| Description | teredo - Protocol used for tunneling IPv6 over IPv4 networks. (Teredo navalis is a shipworm that bores its way through wooden structures and causes extensive damage to ships and other wooden structures.) The protocol uses UDP port 3544 and permits tunneling through Network Address Translation (NAT) boxes [Srisuresh and Egevang, 2001]. If you are concerned about this, block UDP port 3544. If used from behind a NAT box, Teredo relies on an outside server with a globally routable address. Given the difficulty of knowing how many NAT boxes one is behind, especially as the number can vary depending on your destination, this scheme is controversial. It is not clear if or when it will be standardized.
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/4662 |
| Description | edonkey - Used by eDonkey to connect to other clients.
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/4665 |
| Description | edonkey - Used by eDonkey to send messages to servers other than the one that is connected to.
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/5000 |
| Description | upnp-ssdp - Used by UPnP (Universal Plug and Play) and SSDP (Simple Service Discovery Protocol) in Windows XP and Windows 98/98S/ME. Kibuv.b Worm is using a vulnerability on UPnP. A scan on this port may indicate activity from this worm. See http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=20301309. May 18, 2004. Also used by the "Free Internet Chess Server" (fics) and other game servers. Officially, this port is assigned to the "commplex-main" protocol. *** Note: This protocol has been used in attacks |
| Protocol/Port | UDP/6514 |
| Description | mcafee-asap - Used by McAfee antivirus. A broadcast on UDP/6514 is sent by a client without Internet access in order to find another computer with Internet access, to be used as a proxy for Internet antivirus updates. See http://www.myasap.de/intl/EN/content/virusscan_asap/faq_new.asp.
Note: This protocol has been used in attacks |
| Protocol/Port | UDP/6515 |
| Description | mcafee-asap - Used by McAfee antivirus. A broadcast on UDP/6514 is sent by a client without Internet access in order to find another computer with Internet access, to be used as a proxy for Internet antivirus updates. See http://www.myasap.de/intl/EN/content/virusscan_asap/faq_new.asp.
Note: This protocol has been used in attacks |
| Protocol/Port | UDP/6666 |
| Description | powerchute - Associated with APC PowerChute Plus, i.e. runs as UPS service under Windows NT - submitted by Mark DeBusschere. There are two other ports
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/13223 |
| Description | powwow-client - PowWow Client - chat program from Tribal Voice - Scan: It allows users to open up private chat connections with each other on this port. The program is very aggressive at trying to establish the connection and will "camp" on the TCP port waiting for a response. This causes a connection attempt at regular intervals like a heartbeat. This can be seen by dial-up users who inherit IP addresses from somebody who was chatting with other people: it will appear as if many different people are probing that port. The protocol uses the letters "OPNG" as the first four bytes of its connection attempt ***
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/13224 |
| Description | powwow-server - PowWow Server - chat program from Tribal Voice - Scan: It allows users to open up private chat connections with each other on this port. The program is very aggressive at trying to establish the connection and will "camp" on the TCP port waiting for a response. This causes a connection attempt at regular intervals like a heartbeat. This can be seen by dial-up users who inherit IP addresses from somebody who was chatting with other people: it will appear as if many different people are probing that port. The protocol uses the letters "OPNG" as the first four bytes of its connection attempt ***
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/32776 |
| Description | rpcspray - The rpc.spray service is used for network testing. This service will run on this port on many default installations of Solaris. These services can be configured to flood each other with traffic.
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/37651 |
| Description | trojan - Reported Trojan programs using this port: YAT (Yet Another Trojan) ***
Note: This protocol has been used in attacks |
| Protocol/Port | UDP/42508 |
| Description | innoculan - Inoculan on UDP. Older versions of Inoculan apparently generate huge quantities of UDP traffic directed at subnets in order to discover each other. More info can be found at http://www.circlemud.org/~jelson/software/udpsend.html and http://www.ccd.bnl.gov/nss/tips/inoculan/index.html.
Note: This protocol has been used in attacks |
| Protocol/Port | TCP/45000 |
| Description | cisco - Cisco SAFE IDS / NetRanger. NetRanger (an IDS probe) regularly communicates to the "Director" (management console) via port 45000. Among other things, this acts as a heartbeat so that the console knows the agent is alive.
Note: This protocol has been used in attacks |

