TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
I haven't seen any known default Trojan ports set to listen on 1975.
IANA has the following listed-
tcoflashagent 1975/tcp TCO Flash Agent
tcoflashagent 1975/udp TCO Flash Agent
My guess something reconfigured to use a non standard port. Can you check
the machines responsible, since everything originates from inside.
You can monitor the latest official and unofficial ports at the following
sites.
http://www.isi.edu/in-notes/iana/assignments/port-numbers
http://www.doshelp.com/
http://www.simovits.com/nyheter9902.html
-----Original Message-----
From: Jim McConnell [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 22, 2000 11:12 AM
To: '[EMAIL PROTECTED]'
Subject: "Strange" Port = 1975
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Has anyone seen source port 1975 on any of their applications (COTS), the
Destination Port appears to be incrementing?
I thought it might be a strange (to me) ftp or http session but the
destination is various Internet Sites.
Could it be for a Channel or PointCast or AdServer?
They all source from within our network but dropped by our firewall but the
volume is in the top 3 for our firewall.
Any ideas?
Jim McConnell, CISSP, CISA, CISS
Manager
GTE Information Security - TSI
813-209-3740
mailto:[EMAIL PROTECTED]
SECRITY doesn't work without "U"
GTE Proprietary
