Hi Nathan

You want to look at the destination port - that's the port the remote server's trying to connect to. You may want to look at what applications use port 1948. Maybe even, what viruses, trojans, etc., leave backdoors open on UDP 1948. Chances are, this may just be a probe. Go through a few days' logs and see if you see the same source address probing other ports.

Thanks
Jude

----- Original Message -----
From: "Nathan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, July 22, 2003 5:57 PM
Subject: What to look at, source or destination port?

> 07/19/2003 04:33:30.688 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:remote.ip.address.x, 1948, WAN - -
> 07/19/2003 04:35:48.912 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:remote.ip.address.x, 1948, WAN - -
> 07/19/2003 04:37:34.384 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:remote.ip.address.x, 1948, WAN - -
> 07/19/2003 04:40:41.576 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:remote.ip.address.x, 1948, WAN - -
> 07/19/2003 03:16:22.432 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:remote.ip.address.x, 1948, WAN - -
>
> I recently saw these logs come across my friend's firewall. I'm trying to
> determine what is going on here. I looked up the remote.ip.address.x and it
> was an AT&T Worldnet user. The destination port, 1948, is listed as eye2eye.
> Well, I looked at eye2eye's website (www.iosoftware.com) and found nothing
> about 1948. A user would have to configure the securesite software to use
> that port specifically - which is not the case. My question to the list is,
> is the source port what I should be looking at in these connections, or the
> destination port?
>
> -Nathan
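
Added example, not part of the original thread: one way to go through several days of drop records in the log format quoted above and see, per source address, which destination ports it hit and in which direction. The sample lines, the addresses in them, the function name summarize and the threshold of 3 distinct ports are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in the thread; the addresses
# are private/documentation ranges, not real data.
SAMPLE_LOG = """\
07/19/2003 03:16:22.432 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:192.0.2.10, 1948, WAN - -
07/19/2003 04:33:30.688 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:192.0.2.10, 1948, WAN - -
07/19/2003 04:35:48.912 - UDP packet dropped - Source:10.30.9.60, 1042, LAN - Destination:192.0.2.10, 1948, WAN - -
07/20/2003 11:02:01.100 - UDP packet dropped - Source:198.51.100.7, 4000, WAN - Destination:10.30.9.60, 135, LAN - -
07/20/2003 11:02:01.350 - UDP packet dropped - Source:198.51.100.7, 4001, WAN - Destination:10.30.9.60, 137, LAN - -
07/21/2003 09:15:44.020 - UDP packet dropped - Source:198.51.100.7, 4002, WAN - Destination:10.30.9.61, 1434, LAN - -
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - "
    r"(?P<proto>\w+) packet dropped - "
    r"Source:(?P<src>[^,]+), (?P<sport>\d+), (?P<szone>\w+) - "
    r"Destination:(?P<dst>[^,]+), (?P<dport>\d+), (?P<dzone>\w+)"
)

def summarize(log_text, probe_threshold=3):
    """Group dropped packets by source address and flag multi-port probing."""
    stats = defaultdict(lambda: {"count": 0, "dports": set(), "dsts": set(),
                                 "zones": set(), "days": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a drop record
        s = stats[m["src"]]
        s["count"] += 1
        s["dports"].add(int(m["dport"]))
        s["dsts"].add(m["dst"])
        s["zones"].add(f'{m["szone"]}->{m["dzone"]}')  # direction of the attempt
        s["days"].add(m["ts"][:10])  # MM/DD/YYYY part of the timestamp
    report = {}
    for src, s in stats.items():
        report[src] = {
            "count": s["count"], "dports": sorted(s["dports"]),
            "dsts": sorted(s["dsts"]), "zones": sorted(s["zones"]),
            "days": len(s["days"]),
            # Many distinct ports from one source suggests probing; one repeated port, a retry.
            "multi_port_probe": len(s["dports"]) >= probe_threshold,
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A source that keeps hitting one destination port shows up with a single entry in dports, while a source walking across ports is flagged by multi_port_probe.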
