Do these ports and IP ranges sound familiar?

Discussion in 'malware problems & news' started by Gullible Jones, May 28, 2015.

  1. Gullible Jones

    Gullible Jones Registered Member

    Joined: May 16, 2013
    Posts: 1,461
    My firewall box has recently been blocking outbound traffic on ports 8020, 8087, and 8500; mostly to a small number of IPs leased by Digital Ocean, Netscape/AOL, and RIPE NCC. Reverse DNS lookups fail on all of these IPs.

    Even more ominously, these unidentifiable communications originate exclusively from two Windows machines on my network. (One Windows 7 x86, the other x64.)

    Is this stuff identifiable to anyone?

    Edit: whoops, that's Digital Ocean, not Cloudfront.

    Edit 2: okay - the one on port 8500 is to ing2.shouted.fm. This appears to be located in Germany. Any takers?

    Edit 3: whoops, cross 8500 off the list. shouted.fm is a music station, this was just Amarok trying something dumb behind my back... yay. The 8020 and 8087 ones are still unidentified though, and have no DNS records I can find.

    Edit 4: the port 8020 address belongs to Sonos radio, that's clean.

    Edit 5: hmm my bad, the 8087 traffic is not from a Windows machine. The source machine has a MAC address that does not look familiar (and no, I don't have wireless on my network). What the heck?
     
    Last edited: May 28, 2015
  2. wat0114

    wat0114 Registered Member

    Joined: Aug 5, 2012
    Posts: 1,985
    Location: Canada