Do these ports and IP ranges sound familiar?

Discussion in 'malware problems & news' started by Gullible Jones, May 28, 2015.

  1. Gullible Jones

    Gullible Jones Registered Member

    May 16, 2013
    My firewall box has recently been blocking outbound traffic on ports 8020, 8087, and 8500; mostly to a small number of IPs leased by Digital Ocean, Netscape/AOL, and RIPE NCC. Reverse DNS lookups fail on all of these IPs.

    Even more ominously, these unidentifiable communications originate exclusively from two Windows machines on my network. (One Windows 7 x86, the other x64.)

    Is this stuff identifiable to anyone?

    Edit: whoops, that's Digital Ocean, not Cloudfront.

    Edit 2: okay - the one on port 8500 is to This appears to located in Germany. Any takers?

    Edit 3: whoops, cross 8500 off the list. is a music station, this was just Amarok trying something dumb behind my back... yay. The 8020 and 8087 ones are still unidentified though, and have no DNS records I can find.

    Edit 4: the port 8020 address belongs to Sonos radio, that's clean.

    Edit 5: hmm my bad, the 8087 traffic is not from a Windows machine. The source machine has a MAC address that does not look familiar (and no, I don't have wireless on my network). What the heck?
    Last edited: May 28, 2015
  2. wat0114

    wat0114 Registered Member

    Aug 5, 2012