Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > incidents > 03 > 020614.html (Request Expert securityfocus.com Support)

RE: Traffic on UDP 1815

From: Sahr, Kenneth <ksahr(at)fiwc.navy.mil>
Date: Wed Feb 12 2003 - 08:14:27 EST


Actually, I was able to determine it's source late last night..It turns out that P2P software Kazaa was causing the connections to come back, I can't imagine what it uses UDP 1815 for, however, as I blocked all incoming queries to that port and was still able to search and download files..while doing so I saw many packets attempt to come in on the suspect port, but all were dropped by my firewall. Like I said, not sure why this traffic was occuring, but at least I know what was causing it.. Thanks everyone for your answers.

KS

-----Original Message-----

From: Mark E. Donaldson [mailto:markee@ridgecrest.ca.us] Sent: Tuesday, February 11, 2003 11:51 PM To: Sahr, Kenneth; incidents@securityfocus.com Subject: RE: Traffic on UDP 1815

It appears MMPFT is the acronym for "Multimedia Portables For Teachers". Not a heavily used service I would think. You say you these packets are coming to your home machine. Can we assume this is a dynamic IP connection and perhaps the packets are intended for the user assigned that IP from an earlier time? Unfortunately, UDP provides few clues and it is often hard to draw any conclusion unless full payload captures are available.

-----Original Message-----

From: Sahr, Kenneth [mailto:ksahr@fiwc.navy.mil] Sent: Tuesday, February 11, 2003 7:21 AM To: incidents@securityfocus.com
Subject: Traffic on UDP 1815

Hi all, longtime lurker, first time poster to this forum. I've been seeing a lot of traffic on my home Win2K pro machine lately from random IP's/high numbered source ports to UDP 1815, which is registered as "MMPFT"..this is all the information I can gather on it though..anybody have any insight into what this might be? I'm hoping someone's seen it before.. I also checked, there is no initial packets sent out from my machine to any of these source IP's..so I don't suspect any kind of callback, and I don't really expect any sort of intrusion at all..just curious as to what this service is..

Thanks in advance for any replies

K Sahr


This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Wed Feb 12 18:43:38 2003
Do you need help?X

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:58 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library