port vs attack name information source?

This is not -exactly- on topic for comp.security.firewalls, but comp.security.misc was given over to spam years ago, and news.admin.net-abuse.sightings was re-organized out of existence earlier this year. Please feel free to redirect me to a more appropriate (and still active) newsgroup.

I would like to inquire as to good sites in which I can look up port numbers and see which attacks (trojan/virus) they are associated with. For example, my firewall logs show that since late on October 19, I've had over 155000 attempts to reach tcp 15057 on my residential connection, but I cannot find any non-trivial information about what the port is used for.

(It is within the realm of possibility that what I'm seeing is a randomly chosen port that got registered as an end-point by a distributed-processing program such as Skype; it's never easy to track such things without packet captures at the time of the original port registration.)

One way or another, it would be easier if there were sites known to have fairly up-to-date information about port usage. For example, if it turns out to be a random distributed port, then *not* finding the port on the list of known attack ports would also give me information about what I was seeing in the logs.

Thank you, Walter Roberson

Reply to
Walter Roberson
Loading thread data ...

Thu, 29 Oct 2009 08:31:39 -0700 wrote Walter Roberson:

It looks like the port is unassigned at:

formatting link
Port 23399 is the default port number for Skype, but there is no law that say it have to be.

I did Google a little (mumbling something over people that can't do there own... ;-) ) and came up empty handed nor

formatting link
or
formatting link
seems to have the info you looking for. At least Wikipedia has a non complete list over port numbers and some references and somewhat useful links. /Anders

Reply to
anders

If you're on Linux, see /usr/share/nmap/nmap-services -- but the only extra info there is open frequency:

~$ grep 15057 /usr/share/nmap/nmap-services unknown 15057/udp 0.000330

In any case being hit at a particluar port that you're not providing a service on simply means you drop or reject the probe. Knowing what the port is used for doesn't change your response to it :)

Grant.

Reply to
Grant

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.