I have reports of traffic hitting through a few iptable boxen that seems kind of interesting. Has anyone seen or heard of traffic on udp 1148? I am thinking it may just be some spy or mal ware. Any info you know of would be appreciated. wade G.
/etc/services says: llsurfup-http 1183/tcp # LL Surfup HTTP llsurfup-http 1183/udp # LL Surfup HTTP llsurfup-https 1184/tcp # LL Surfup HTTPS llsurfup-https 1184/udp # LL Surfup HTTPS -----Ursprüngliche Nachricht----- Von: Wade Grant [mailto:WGrant@mde.k12.ms.us] Gesendet: Freitag, 20. Mai 2005 16:52 An: suse-security@suse.com Betreff: [suse-security] Strange traffic. I have reports of traffic hitting through a few iptable boxen that seems kind of interesting. Has anyone seen or heard of traffic on udp 1148? I am thinking it may just be some spy or mal ware. Any info you know of would be appreciated. wade G. -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Surfup is from Laplink See http://www.laplink.com/surfup/
Hi, On Fri, 20 May 2005 17:12:50 +0200 "^.ShinyDoofy.^" <.> wrote:
/etc/services says: llsurfup-http 1183/tcp # LL Surfup HTTP llsurfup-http 1183/udp # LL Surfup HTTP llsurfup-https 1184/tcp # LL Surfup HTTPS llsurfup-https 1184/udp # LL Surfup HTTPS
-----Ursprüngliche Nachricht----- Von: Wade Grant [mailto:WGrant@mde.k12.ms.us] Gesendet: Freitag, 20. Mai 2005 16:52 An: suse-security@suse.com Betreff: [suse-security] Strange traffic.
I have reports of traffic hitting through a few iptable boxen that seems kind of interesting. Has anyone seen or heard of traffic on udp 1148? I am thinking it may just be some spy or mal ware. Any info you know of would be appreciated.
wade G.
My /etc/services doesn't say anything on udp 1148 the OP asked :( Mayb' you made a typo there 1148 <-> 1184 to get such an answer... Pelibali
See http://www.iana.org/assignments/port-numbers
Search for port "1184" or "llsurfup".
|---------+---------------------------->
| | pelibali |
| |
--------------------------------------------------------------------------------------------------------------| | | | To: suse-security@suse.com | | cc: | | Subject: Re: [suse-security] Strange traffic. | --------------------------------------------------------------------------------------------------------------|
Hi, On Fri, 20 May 2005 17:12:50 +0200 "^.ShinyDoofy.^" <.> wrote:
/etc/services says: llsurfup-http 1183/tcp # LL Surfup HTTP llsurfup-http 1183/udp # LL Surfup HTTP llsurfup-https 1184/tcp # LL Surfup HTTPS llsurfup-https 1184/udp # LL Surfup HTTPS
-----Ursprüngliche Nachricht----- Von: Wade Grant [mailto:WGrant@mde.k12.ms.us] Gesendet: Freitag, 20. Mai 2005 16:52 An: suse-security@suse.com Betreff: [suse-security] Strange traffic.
I have reports of traffic hitting through a few iptable boxen that seems kind of interesting. Has anyone seen or heard of traffic on udp 1148? I am thinking it may just be some spy or mal ware. Any info you know of would be appreciated.
wade G.
My /etc/services doesn't say anything on udp 1148 the OP asked :( Mayb' you made a typo there 1148 <-> 1184 to get such an answer... Pelibali -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
I have reports of traffic hitting through a few iptable boxen that seems kind of interesting. Has anyone seen or heard of traffic on udp 1148? I am thinking it may just be some spy or mal ware. Any info you know of would be appreciated.
See http://www.iana.org/assignments/port-numbers Search for port "1184" or "llsurfup".
Guys, the OP asked about port 1148 not 1184. Maybe searching for port 1184 won't help after all ;-) 1148 is not assigned to any service it seems, and a quick search on google didn't show anything of use. Tom. -- Tom Knight System Administration Officer Arts & Humanities Data Service Web: http://www.ahds.ac.uk Email: tom.knight@ahds.ac.uk
Hi, Am Freitag, 20. Mai 2005 18:17 schrieb pelibali:
My /etc/services doesn't say anything on udp 1148 the OP asked :( Mayb' you made a typo there 1148 <-> 1184 to get such an answer..
1148 not assigned 1184 LL Surfup HTTPS 1418 Timbuktu Service 2 Port 1481 AIRS 1814 TDP Suite 1841 netopia-vo3 4118 not assigned 4181 not assigned 4811 not assigned 8114 not assigned 8141 not assigned 8411 not assigned Did I miss a typo? Best wishes Heimo -- Heimo Ponnath Webdesign, Rotenhäuserstr. 51, 21109 Hamburg Tel: 040-753 47 95,Fax: 040-752 68 03, http://www.heimo.de/
Never seen that. I scanned our 8.658.294 lines of logs and I got only 46 old packets (8, 14, 15 and 16 December last year). At least that virus/worm/malware didn't hit us already :-) Ariel Wade Grant wrote:
I have reports of traffic hitting through a few iptable boxen that seems kind of interesting. Has anyone seen or heard of traffic on udp 1148? I am thinking it may just be some spy or mal ware. Any info you know of would be appreciated.
wade G.
On Fri, May 20, 2005 at 09:51:59AM -0500, Wade Grant wrote:
I have reports of traffic hitting through a few iptable boxen that seems kind of interesting. Has anyone seen or heard of traffic on udp 1148? I am thinking it may just be some spy or mal ware. Any info you know of would be appreciated.
According to isc theres not much going on on port 1148. http://isc.sans.org/port_details.php?port=1148 furthermore most logged 1148 traffic is tcp. I can't find any suspicious Traffic for this port in our logfiles.
wade G.
marc
participants (8)
-
^.ShinyDoofy.^ -
Ariel Sabiguero Yawelak -
Heimo Ponnath -
Marc Samendinger -
Mark Perry -
pelibali -
Thomas Knight -
Wade Grant