Tom's Hardware > Forum > General Networking > Firewall > constant probes on port 25975

constant probes on port 25975

Forum General Networking : Firewall - constant probes on port 25975

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   08-29-2005 at 04:15:38 PM

Archived from groups: comp.security.firewalls (More info?)

 

We're seeing probes inbound on port 25975 every couple seconds from a
specific Ip, while I've already contacted rogers abuse and they are
giving the owner 2 days, I would like to know what they are trying to
connect to on our end. I can't find anything that uses port 25975.

2005/08/28 00:00:17.43 I tcp 24.101.232.187
cpe000d88b065e4-cm400049342774.cpe.net.cable.rogers.com
64263 XX.YY.ZZZ.AA 25975

Any ideas?

--

spam999free@rrohio.com
remove 999 in order to email me

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   08-31-2005 at 09:07:49 AM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d7caa5ac9cf54fb989d80@news-server.columbus.rr.com...
> We're seeing probes inbound on port 25975 every couple seconds from a
> specific Ip, while I've already contacted rogers abuse and they are
> giving the owner 2 days, I would like to know what they are trying to
> connect to on our end. I can't find anything that uses port 25975.
>

Does this abuse thing actually work? I have a lot of probes inbound on udp
ports 1026 and 1027 from some IP(s) out of Asia over the last few days. They
are hammering on the ports so much that I have taken notice of it.

I wonder if there is some kind of list of IP(s) for Asia that I can get and
set rules to eliminate that whole area, even though the WG is blocking them
..

Duane :)

Reply to Anonymous
Anonymous   08-31-2005 at 07:24:11 PM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

On Mon, 29 Aug 2005 10:15:38 GMT, Leythos wrote:

> We're seeing probes inbound on port 25975 every couple seconds from a
> specific Ip, while I've already contacted rogers abuse and they are
> giving the owner 2 days, I would like to know what they are trying to
> connect to on our end. I can't find anything that uses port 25975.
>
> 2005/08/28 00:00:17.43 I tcp 24.101.232.187
> cpe000d88b065e4-cm400049342774.cpe.net.cable.rogers.com
> 64263 XX.YY.ZZZ.AA 25975
>
> Any ideas?

BitTorrent? Some other P2P application? I know that BitTornado, a client
that I use, will randomly pick any port from 10000 to 60000 with UPnP
enabled to control ports on the router. Many users of P2P clients set them
to use high ports to avoid their ISPs blocking on the default client ports.

--
Norman
~Shine, bright morning light,
~now in the air the spring is coming.
~Sweet, blowing wind,
~singing down the hills and valleys.

Reply to Anonymous
Anonymous   08-31-2005 at 09:49:58 PM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

In article <r7knwr296wxr.dlg@aol.prodigy.net>,
spammers.are@immoral.invalid says...
> On Mon, 29 Aug 2005 10:15:38 GMT, Leythos wrote:
>
> > We're seeing probes inbound on port 25975 every couple seconds from a
> > specific Ip, while I've already contacted rogers abuse and they are
> > giving the owner 2 days, I would like to know what they are trying to
> > connect to on our end. I can't find anything that uses port 25975.
> >
> > 2005/08/28 00:00:17.43 I tcp 24.101.232.187
> > cpe000d88b065e4-cm400049342774.cpe.net.cable.rogers.com
> > 64263 XX.YY.ZZZ.AA 25975
> >
> > Any ideas?
>
> BitTorrent? Some other P2P application? I know that BitTornado, a client
> that I use, will randomly pick any port from 10000 to 60000 with UPnP
> enabled to control ports on the router. Many users of P2P clients set them
> to use high ports to avoid their ISPs blocking on the default client ports.

Yea, it could be, but it's been at least a week of it doing this and we
don't have anyone in the network at this time (on our end)....

--

spam999free@rrohio.com
remove 999 in order to email me

Reply to Anonymous
Anonymous   09-01-2005 at 03:08:36 AM
- 0 +

Archived from groups: comp.security.firewalls (More info?)

 

I understand the UDP is a broadcast protocol and just comes down the pipe
for anything that is listening.

Thanks for the other info. I guess I'll just let the FW block it on its own.

I do have another question about my ISP's DNS servers sending unsolicited
inbound on UDP port 53 to the external IP at the same high port number
35469, which the FW is blocking this traffic. Do you know what that is
about? I don't think I have noticed this traffic until I started using
static IP(s) on one of my machines recently.

Duane :)

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > General Networking > Firewall > constant probes on port 25975
Go to:

There are 1031 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.241 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?