20480 is also commonly used by some multiplayer games for their server ports also.
-----Original Message----- From: KoRe MeLtDoWn [mailto:koremeltdown@;hotmail.com] Sent: Tuesday, October 15, 2002 11:43 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Increase in traffic on port 20480 and 6667 Be informed that 6667 is also one of the most common ports for IRC servers to run on.... Hamish Stanaway -= KoRe WoRkS =- Internet Security Owner/Operator http://www.koreworks.com/ New Zealand Is your box REALLY secure? >From: "Kip Sr." <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Increase in traffic on port 20480 and 6667 >Date: Thu, 10 Oct 2002 12:16:09 -0700 (PDT) >MIME-Version: 1.0 >Received: from outgoing.securityfocus.com ([205.206.231.27]) by >mc8-f38.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Tue, 15 Oct >2002 18:17:18 -0700 >Received: from lists.securityfocus.com (lists.securityfocus.com >[205.206.231.19])by outgoing.securityfocus.com (Postfix) with QMQPid >B5334A30D7; Tue, 15 Oct 2002 09:31:25 -0600 (MDT) >Received: (qmail 13910 invoked from network); 11 Oct 2002 19:52:09 -0000 >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <security-basics.list-id.securityfocus.com> >List-Post: <mailto:security-basics@;securityfocus.com> >List-Help: <mailto:security-basics-help@;securityfocus.com> >List-Unsubscribe: <mailto:security-basics-unsubscribe@;securityfocus.com> >List-Subscribe: <mailto:security-basics-subscribe@;securityfocus.com> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >Message-ID: <[EMAIL PROTECTED]> >Return-Path: >[EMAIL PROTECTED] >X-OriginalArrivalTime: 16 Oct 2002 01:17:18.0196 (UTC) >FILETIME=[C4F10B40:01C274B1] > >Hi there, > >In the past few days, my IDS has been picking up >traffic coming from port 20480 (on Internet servers) >to port 6667 (internal desktops). Both ports are >commonly used by trojan horse programs. Has anyone >else seens this? > >10/10-11:50:01.977897 204.x.x.x:20480 -> >192.168.0.199:6667 >TCP TTL:255 TOS:0x10 ID:0 IpLen:20 DgmLen:195 > > >Thanks, >Kip Sr. > >__________________________________________________ >Do you Yahoo!? >Faith Hill - Exclusive Performances, Videos & More >http://faith.yahoo.com _________________________________________________________________ Choose an Internet access plan right for you -- try MSN! http://resourcecenter.msn.com/access/plans/default.asp
