TCP port 65506

Seeing much more activity in portscans on TCP 65506
Does this belong to something going around these days in trojan/worm/bots country?

 

http://isc.incidents.org/port_details.html?port=65506&repax=1&tarax=2&srcax=2&percent=N&days=40

The above link shows you are not alone, but no details yet on what it might be.

Regards,

CrazyM

 

Yes, it did not come back here either; googling around i saw somebody noticed it in his proxy list all of a sudden hundreds of them in december 2003, no explanations about that either, two days ago in the DSLR forums it was mentioned among other ports for a phatbot (?) and the port was mentiond SSL so i don't know really.
I've seen it mentioned as a voice port for Cisco ...router?
vague, memory doesn't serve me well enough.

Googling more i see it in proxy lists again, new proxy port?

 

Jooske,

Link Logger is tracking it at www.dslreports.com/forum/remark,9644670~mode=flat , complete with packet captures.


fixed link - Detox

 

Looks like what we have in TDS Port Listen and the traffic bridge and UDP broadccast all together, fortunately -- hadn't thought a moment of using the Port listen.
If we wouldn't block that port in the firewall Port Explorer can help sniffing the packets too!
Thanks for the link to this!

 

Portpeeker only listens to ICMP . Windows NT and 2000 comes default with security to inhibit the use of ICMP. The Portpeeker sites shows how to disable the Raw Socket check in NT and 2000 so you can use porpeeker but how is it done in Windows XP?
I know Portpeeker is freeware but there should be a tick mark in the program to do this without having to edit the registry.
I do not have this key on my XP box.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Afd\Parameters\DisableRawSecurity

Jooske, Can TDS-3 listen for ICMP traffic?

Thanks

controler

 

This is all I could find on MS

it is over my head

http://support.microsoft.com/default.aspx?scid=kb;en-us;314053&Product=winxp

URL tags added to the link - paul

 

I put a write up on the 65506 adventure here http://www.linklogger.com/65506SpamRelay.htm

As far as capturing ICMP messages with PortPeeker, Windows is rather funny about ICMP messages as when I wrote that part of PortPeeker I was really thinking about capturing Nachi pings which were unique in their message contents. However AFIK the only way to capture Windows pings is to go to the socket level, so I had to write a separate application from PortPeeker to do what I wanted at the time. So in short PortPeeker has limited ICMP capture functionality because of some of the nuances within Windows ICMP handling.

Blake

 

So i can be less frustrated with this error message all time i configure port peeker to look at ICMP pings on either my modem or netcard level or public IP address
Error Code: 10022 Winsock error in recv()

To answer Controler: i tried the TDS Port listen but it does not listen on port 0, (is that not the ICMP port?)
other ports to try?

In Port Explorer statistics for ICMP i do see lots of errors now both outgoing and incoming pings. Some 68 in those few minutes to write this message.

 

ICMP does not use ports like TCP or UDP, but message Types and Codes. This link will give you a break down of those.

If you are interested in capturing ICMP packets, you will likely have to use something like Ethereal.

Regards,

CrazyM

 

CrazyM

I tried Ethereal a few years ago but it sure seemed complicated to use.
I have even less time now to figure that stuff out.
Maybe i will give it a try again. I know it is a good program in the right hands

controler

 

The Washingtonpost.com has a fairly comprehensive writeup of this Phatbot trojan, which apparently has spread to hundreds of thousands of computers worldwide

http://www.washingtonpost.com/wp-dyn/articles/A444-2004Mar17.html