|
|
|
|
01-07-2004, 05:17 PM
|
#1 |
Port 3509?
When I use Tinylogger to view my Kerio log, I notice that this morning
I'm getting a lot of TCP packets sent to port 3509 on my system. This is right after I boot up and before I start any programs (browsers, news reader, mail etc.) They're coming in groups of three and all getting blocked, but I'm still curious what this is all about. Anybody help here? TIA -- Regards from John Corliss John Corliss |
|
|
|
01-07-2004, 08:52 PM
|
#2 |
|
Posts: n/a
|
Re: Port 3509?
"John Corliss" <#> wrote in message news:... > I'm getting a lot of TCP packets sent to port 3509 on my system. Virtual Token SSL port. Ref: http://www.seifried.org/security/ports/3000/3509.html PT Wang |
|
|
|
01-07-2004, 09:42 PM
|
#3 |
|
Posts: n/a
|
Re: Port 3509?
PT Wang wrote:
> John Corliss wrote: > >> I'm getting a lot of TCP packets sent to port 3509 on my system. > > Virtual Token SSL port. > > Ref: http://www.seifried.org/security/ports/3000/3509.html Thanks for the pointer. However, now I'm dealing with an undefined (from my perspective) terminology. Virtual Token SSL Port = Virtual Token Secure Sockets Layer Port. Virtual = "Being such in essence or effect though not in actual fact" Token = "An individual instance of a type of symbol" Can you explain why I'm getting so many hits on that port? Is there a virus that's hitting this one like the MSBlast virus was hitting the 135 port? Again, TIA. -- Regards from John Corliss No adware, cdware, commercial software, crippleware, demoware, nagware, shareware, spyware, time-limited software, trialware, viruses or warez please. John Corliss |
|
|
|
01-07-2004, 11:43 PM
|
#4 |
|
Posts: n/a
|
Re: Port 3509?
http://www.dshield.org/port_report.php?port=3509
http://isc.sans.org/port_details.html?port=3509 Dave "John Corliss" <#> wrote in message news:... | When I use Tinylogger to view my Kerio log, I notice that this morning | I'm getting a lot of TCP packets sent to port 3509 on my system. This | is right after I boot up and before I start any programs (browsers, | news reader, mail etc.) They're coming in groups of three and all | getting blocked, but I'm still curious what this is all about. Anybody | help here? | | TIA | | -- | Regards from John Corliss | David H. Lipman |
|
|
|
01-07-2004, 11:51 PM
|
#5 |
|
Posts: n/a
|
Re: Port 3509?
"John Corliss" <#> wrote in message news:... > Can you explain why I'm getting so many hits on that port? Is there a > virus that's hitting this one like the MSBlast virus was hitting the > 135 port? Possibly. Do you have a fixed IP? Which IPs do the probes originate? Do they come from your own subnet? PT Wang |
|
|
|
01-08-2004, 12:44 AM
|
#6 |
|
Posts: n/a
|
Re: Port 3509?
John Corliss <#> wrote in message news:<>...
> When I use Tinylogger to view my Kerio log, I notice that this morning > I'm getting a lot of TCP packets sent to port 3509 on my system. This > is right after I boot up and before I start any programs (browsers, > news reader, mail etc.) They're coming in groups of three and all > getting blocked, but I'm still curious what this is all about. Anybody > help here? > > TIA That would be Virtual Token SSL (Secure Socket Layer) port, but couldn't say why your getting it, probably just normal Internet garbage traffic. ~oog ooogla |
|
|
|
01-08-2004, 08:59 AM
|
#7 |
|
Posts: n/a
|
Re: Port 3509?
PT Wang wrote:
> "John Corliss" <#> wrote in message > news:... > >>Can you explain why I'm getting so many hits on that port? Is there a >>virus that's hitting this one like the MSBlast virus was hitting the >>135 port? > > > Possibly. Do you have a fixed IP? No. > Which IPs do the probes originate? Do they come from your own subnet? Not from my subnet. From lots of other places. However, the activity seems to have stopped. This afternoon, I uninstalled Client for Microsoft Networks for another reason. That made Netstat -a show two less active UDP connections. Wonder if this had anything to do with it (doubtful.) -- Regards from John Corliss John Corliss |
|
|
|
01-08-2004, 09:01 AM
|
#8 |
|
Posts: n/a
|
Re: Port 3509?
ooogla wrote:
> John Corliss wrote: > >>When I use Tinylogger to view my Kerio log, I notice that this morning >>I'm getting a lot of TCP packets sent to port 3509 on my system. This >>is right after I boot up and before I start any programs (browsers, >>news reader, mail etc.) They're coming in groups of three and all >>getting blocked, but I'm still curious what this is all about. Anybody >>help here? >> >>TIA > > That would be Virtual Token SSL (Secure Socket Layer) port, but > couldn't say why your getting it, probably just normal Internet > garbage traffic. It seems to have stopped for the time being. As I mentioned to PT Wang- this afternoon, I uninstalled Client for Microsoft Networks for another reason. That made Netstat -a show two less active UDP connections. Wonder if this had anything to do with it (doubtful.) -- Regards from John Corliss John Corliss |
|
|
|
01-08-2004, 09:13 AM
|
#9 |
|
Posts: n/a
|
Re: Port 3509?
David H. Lipman wrote:
> John Corliss wrote: >> When I use Tinylogger to view my Kerio log, I notice that this morning >> I'm getting a lot of TCP packets sent to port 3509 on my system. This >> is right after I boot up and before I start any programs (browsers, >> news reader, mail etc.) They're coming in groups of three and all >> getting blocked, but I'm still curious what this is all about. Anybody >> help here? > > http://www.dshield.org/port_report.php?port=3509 > http://isc.sans.org/port_details.html?port=3509 Thanks for the links, Dave. I've bookmarked the following: http://www.dshield.org/ Lots of good stuff there. -- Regards from John Corliss John Corliss |
|
|
|
01-13-2004, 12:07 PM
|
#10 |
|
Posts: n/a
|
Re: Port 3509?
Is there any way to add a port onto the list?
I'm writing a Half-Life mod that uses a different port than the standard Half-Life port (27015) and don't want people blocking it (would break the program); so adding a port onto the list might make people not block it. *tongue-tied* "John Corliss" <#> wrote in message news:... > ooogla wrote: > > John Corliss wrote: > > > >>When I use Tinylogger to view my Kerio log, I notice that this morning > >>I'm getting a lot of TCP packets sent to port 3509 on my system. This > >>is right after I boot up and before I start any programs (browsers, > >>news reader, mail etc.) They're coming in groups of three and all > >>getting blocked, but I'm still curious what this is all about. Anybody > >>help here? > >> > >>TIA > > > > That would be Virtual Token SSL (Secure Socket Layer) port, but > > couldn't say why your getting it, probably just normal Internet > > garbage traffic. > > It seems to have stopped for the time being. As I mentioned to PT > Wang- this afternoon, I uninstalled Client for Microsoft Networks for > another reason. That made Netstat -a show two less active UDP > connections. Wonder if this had anything to do with it (doubtful.) > > -- > Regards from John Corliss > Alan P |
|
|
 |
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Can not access console port of Cisco 7200 vxr | mansurbd | Hardware | 1 | 01-12-2009 06:53 PM |
| How to check current event and port status for Aliwei FXO gateway | Robin wang | Hardware | 0 | 04-11-2008 09:54 AM |
| Port 445: Effective/Safe Blocking | Samwise | General Help Related Topics | 0 | 01-06-2008 09:19 PM |
| Long, regarding a "lost" COM port | smackedass | A+ Certification | 4 | 02-05-2007 04:55 PM |
| non plug and play device on com port? | David K | A+ Certification | 1 | 07-18-2003 08:38 PM |
