what malware uses port 2070?

Archived from groups: comp.security.firewalls (More info?)

My router logs this morning are virtually continually showing incoming port
2070 scans from a wide range of IP addresses. Is there a worm etc that
typically uses this port?

Thanks,
Billh
3 answers Last reply
More about what malware port 2070
  1. Archived from groups: comp.security.firewalls (More info?)

    Taking a moment's reflection, billh mused:
    |
    | My router logs this morning are virtually continually showing incoming
    | port 2070 scans from a wide range of IP addresses. Is there a worm etc
    | that typically uses this port?

    It doesn't appear so. On the list I have that was updated two days ago,
    it lists the following for 2070 TCP/UDP: "AH and ESP Encapsulated in UDP
    packet" which appear to be related to IPSec.
  2. Archived from groups: comp.security.firewalls (More info?)

    "mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailSPäM.com> wrote in message
    news:YsOmc.46293$kh4.2564957@attbi_s52...
    > Taking a moment's reflection, billh mused:
    > |
    > | My router logs this morning are virtually continually showing incoming
    > | port 2070 scans from a wide range of IP addresses. Is there a worm etc
    > | that typically uses this port?
    >
    > It doesn't appear so. On the list I have that was updated two days
    ago,
    > it lists the following for 2070 TCP/UDP: "AH and ESP Encapsulated in UDP
    > packet" which appear to be related to IPSec.
    >
    >
    Thanks for the reply. So I can try and understand this stuff a bit better
    why would I be logging so many attempts?
    Billh
  3. Archived from groups: comp.security.firewalls (More info?)

    Taking a moment's reflection, billh mused:
    |
    | Thanks for the reply. So I can try and understand this stuff a bit better
    | why would I be logging so many attempts?

    To be honest, I am not quite sure. Perhaps someone else will come along
    with more information. Though, I would be inclined to believe that perhaps
    someone has misconfigured something on their end, and that traffic is
    mistakenly being directed to your IP. Or, perhaps, it corresponds with your
    attempts to log into/out of a SSH secured site.
Ask a new question

Read More

Firewalls Malware Networking