Port 17550 UDP? - Mandriva



Thread: Port 17550 UDP?

  1. Port 17550 UDP?

    Hi,

    I'm getting lots of traffic to UDP Port 17550. They are coming in from
    all over the world.

    I've googled for this port but can't find anything.

    Any ideas?

    Here are a couple of lines from syslog:
    Apr 12 08:33:41 lm01 kernel: Inbound IN=eth0 OUT= MAC=00:e0:4c:ee:66:2b:00:14:d1:c2:1a:6b:08:00 SRC=60.162.132.88 DST=192.168.0.112 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=53908 PROTO=UDP SPT=22170 DPT=17550 LEN=106

    Apr 12 08:33:41 lm01 kernel: Inbound IN=eth0 OUT= MAC=00:e0:4c:ee:66:2b:00:14:d1:c2:1a:6b:08:00 SRC=123.11.43.30 DST=192.168.0.112 LEN=90 TOS=0x00 PREC=0x00 TTL=46 ID=31301 PROTO=UDP SPT=16001 DPT=17550 LEN=70


    Thanks,


    Frank
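
Added example, not part of the original post: a small Python parser for the netfilter LOG lines quoted above that groups hits by destination port and counts distinct sources and TTLs. The function names and the `UDPLEN` key are choices made for this example; the sample input is the two log lines from the post, re-joined onto single lines.

```python
import re
from collections import defaultdict

# The two syslog lines quoted in the post, each on one line.
SAMPLE_LOG = """\
Apr 12 08:33:41 lm01 kernel: Inbound IN=eth0 OUT= MAC=00:e0:4c:ee:66:2b:00:14:d1:c2:1a:6b:08:00 SRC=60.162.132.88 DST=192.168.0.112 LEN=126 TOS=0x00 PREC=0x00 TTL=115 ID=53908 PROTO=UDP SPT=22170 DPT=17550 LEN=106
Apr 12 08:33:41 lm01 kernel: Inbound IN=eth0 OUT= MAC=00:e0:4c:ee:66:2b:00:14:d1:c2:1a:6b:08:00 SRC=123.11.43.30 DST=192.168.0.112 LEN=90 TOS=0x00 PREC=0x00 TTL=46 ID=31301 PROTO=UDP SPT=16001 DPT=17550 LEN=70
"""

# KEY=value pairs; the value may be empty (e.g. "OUT=" on inbound packets).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line, or None."""
    if " kernel: " not in line or "PROTO=" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line.split(" kernel: ", 1)[1]):
        # LEN appears twice: first the IP total length, then the UDP length.
        if key == "LEN" and "LEN" in fields:
            key = "UDPLEN"
        fields[key] = value
    return fields


def summarize(log_text):
    """Group logged packets by (protocol, destination port)."""
    stats = defaultdict(lambda: {"hits": 0, "sources": set(), "ttls": set()})
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or "DPT" not in f:
            continue  # not a firewall line, or a protocol without ports (ICMP)
        entry = stats[(f["PROTO"], int(f["DPT"]))]
        entry["hits"] += 1
        entry["sources"].add(f["SRC"])
        entry["ttls"].add(int(f["TTL"]))
    return dict(stats)


if __name__ == "__main__":
    for (proto, port), e in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{proto}/{port}: {e['hits']} hits from {len(e['sources'])} "
              f"sources, TTLs seen: {sorted(e['ttls'])}")
```

Run over a full day of syslog, the per-port source count shows whether the traffic comes from a handful of hosts or from many unrelated ones.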

  2. Re: Port 17550 UDP?

    On Sat, 12 Apr 2008 12:44:15 GMT, Frank Dreyfus wrote:
    > Hi,
    >
    > I'm getting lots of traffic to UDP Port 17550. They are coming in from
    > all over the world.
    >
    > I've googled for this port but can't find anything.


    You must be lucky or you are seeing the leading edge of something new.
    http://isc.sans.org/port.html?port=17550


  3. Re: Port 17550 UDP?

    Bit Twister wrote:

    > On Sat, 12 Apr 2008 12:44:15 GMT, Frank Dreyfus wrote:
    >> Hi,
    >>
    >> I'm getting lots of traffic to UDP Port 17550. They are coming in from
    >> all over the world.
    >>
    >> I've googled for this port but can't find anything.

    >
    > You must be lucky or you are seeing the leading edge of something new.
    > http://isc.sans.org/port.html?port=17550


    According to */etc/services* on this box here, port 17550 is not assigned to
    any particular service of either protocol.

    Anyway, it is a port for use by applications, not by daemons - that would
    require it to rank beneath 1024 - so if it's listed as listening, then you
    must have some userspace application monitoring it.

    Well... Unless it's a Windows box, of course, because Windows is hungry for
    connections on every port in existence...

    --
    Aragorn
    (registered GNU/Linux user #223157)

  4. Re: Port 17550 UDP?

    On Sat, 12 Apr 2008, in the Usenet newsgroup alt.os.linux.mandriva, in article
    , Aragorn wrote:

    >Bit Twister wrote:


    >> Frank Dreyfus wrote:


    >>> I'm getting lots of traffic to UDP Port 17550. They are coming in
    >>> from all over the world.
    >>>
    >>> I've googled for this port but can't find anything.

    >>
    >> You must be lucky or you are seeing the leading edge of something new.
    >> http://isc.sans.org/port.html?port=17550


    >According to */etc/services* on this box here, port 17550 is not
    >assigned to any particular service of either protocol.


    Contrary to the beliefs of many, it isn't necessary to have an IANA
    assignment to use a specific port for a server. See
    http://www.iana.org/assignments/port-numbers. I really doubt that the
    "Cult of The Dead Cow" applied to have port 31337 for their Back Orifice
    windoze virus. ;-) See the second paragraph on page 5 of RFC0793 for
    further clues.

    >Anyway, it is a port for use by applications, not by daemons - that
    >would require it to rank beneath 1024 - so if it's listed as listening,
    >then you must have some userspace application monitoring it.


    You may want to look at the IANA port list, and think why ports 6000 to
    6063 are assigned for X servers, or what service uses port 1413. Then
    go back and re-read the O/P post. He's seeing connection attempts (in his
    system logs) and wondering what the lusers of the world are trying to
    connect to. Not an unusual request, as UDP servers in that range are
    uncommon and that's why Bit Twister posted the Internet Storm Center URL.

    >Well... Unless it's a Windows box, of course, because Windows is hungry
    >for connections on every port in existence...


    comp.os.*.advocacy is over there --------------------------------------->

    Old guy

  5. Re: Port 17550 UDP?

    Moe Trin wrote:

    > On Sat, 12 Apr 2008, in the Usenet newsgroup alt.os.linux.mandriva, in
    > article , Aragorn wrote:
    >
    >> Bit Twister wrote:

    >
    >>> Frank Dreyfus wrote:

    >
    >>>> I'm getting lots of traffic to UDP Port 17550. They are coming in
    >>>> from all over the world.
    >>>>
    >>>> I've googled for this port but can't find anything.
    >>>
    >>> You must be lucky or you are seeing the leading edge of something new.
    >>> http://isc.sans.org/port.html?port=17550

    >>
    >> According to */etc/services* on this box here, port 17550 is not
    >> assigned to any particular service of either protocol.

    >
    > Contrary to the beliefs of many, it isn't necessary to have an IANA
    > assignment to use a specific port for a server.


    Of course not - I am well aware of this. However, most people typically
    have their services running on IANA-standardized ports.

    > See http://www.iana.org/assignments/port-numbers. I really doubt that the
    > "Cult of The Dead Cow" applied to have port 31337 for their Back Orifice
    > windoze virus. ;-) See the second paragraph on page 5 of RFC0793 for
    > further clues.


    While that is true, in the paragraph below this one, I stated that ports
    above 1023 are typically designated to non-daemon applications, whatever
    applications those may be. The very fact that the ports exist is evidence
    that they are needed.

    >> Anyway, it is a port for use by applications, not by daemons - that
    >> would require it to rank beneath 1024 - so if it's listed as listening,
    >> then you must have some userspace application monitoring it.

    >
    > You may want to look at the IANA port list, and think why ports 6000 to
    > 6063 are assigned for X servers, or what service uses port 1413. Then
    > go back and re-read the O/P post. He's seeing connection attempts (in his
    > system logs) and wondering what the lusers of the world are trying to
    > connect to.


    Perhaps it is just an attempt to interface with a Windows-specific kind of
    malware - a botnet slave, perhaps? - that normally listens on that port.

    > Not an unusual request, as UDP servers in that range are uncommon and
    > that's why Bit Twister posted the Internet Storm Center URL.


    I take it you mean "usual" rather than "unusual"?

    >> Well... Unless it's a Windows box, of course, because Windows is hungry
    >> for connections on every port in existence...
    >>

    > comp.os.*.advocacy is over there --------------------------------------->


    Since you've indulged in making a derogatory comment about Windows yourself
    a few paragraphs up - I cite and submit your use of the words "windoze
    virus" as evidence - why exactly are you chastising me over stating a
    technological fact regarding Windows? Given the percentage of dual-boot
    users in this newsgroup, the question/innuendo - even though rhetoric and
    satiric in nature - was legitimate.

    Windows *does* listen on all ports by default, and requires the user to
    disable a number of "services" and/or make use of a userspace firewall just
    to keep the blackhats out and the malware from phoning home - which Windows
    XP apparently also seems wanting to do in its default configuration.

    I got this information from a very Windows-centric computer magazine, and in
    light of the many Windows-specific habituations GNU/Linux seem to be
    exhibiting, pointing the above out is warranted. Concretely, in the OP's
    case, if the machine is running GNU/Linux and he is not running anything
    that listens on that port, his machine should be safe from that specific
    type of unwanted connections.

    As for /C.O.L.A.,/ been there, done that. It's a newsgroup infested with
    people of extreme conservative and conservativistic nature, racists,
    trolls, idiots, sexually deviant exhibitionists, paid Microsoft shills, and
    other people who like arguing just for the sake of arguing - isn't there
    supposed to be a newsgroup specifically for those? - all amidst the three
    or four genuine GNU/Linux advocates who _do_ realize that it's about
    GNU/Linux advocacy, not about anti-Windows advocacy.

    So yes, been there, done that. Wasn't happy there. Left it after about one
    year - I'm a very patient man - and I did leave that group for the cited
    reasons.

    --
    Aragorn
    (registered GNU/Linux user #223157)

  6. Re: Port 17550 UDP?

    Aragorn wrote:

    > I got this information from a very Windows-centric computer magazine, and
    > in light of the many Windows-specific habituations GNU/Linux seem to be
    > [...] ^^^


    That should read "GNU/Linux newbies" - my apologies for the typo.

    --
    Aragorn
    (registered GNU/Linux user #223157)

  7. Re: Port 17550 UDP?

    Aragorn,

    I regard you as an old friend, and am very pleased
    you are back, but you need to monitor this group for
    a few weeks before going off half-****ed.

    We have several new members since you left who are
    invaluable, and the incidence of regular trouble-makers
    has dropped to almost nothing. (Knock on wood, and taps
    head). This is worth noting before indulging in your
    always-ready-to-argue style. The latter is not necessarily
    wrong, but not always appropriate.

    Cheers!

    jim b.

    --
    UNIX is not user-unfriendly; it merely
    expects users to be computer-friendly.

  8. Re: Port 17550 UDP?

    Jim Beard wrote:

    > Aragorn,
    >
    > I regard you as an old friend, and am very pleased you are back, but you
    > need to monitor this group for a few weeks before going off half-****ed.


    I did not consider my response to be half-****ed, Jim. In addition, Moe is
    not exactly a stranger to me, albeit that there is a chance that he himself
    does not remember me - I am well-aware of the combined number of posters
    Moe and other regulars come to "meet" over the course of many years on many
    newsgroups, and therefore how difficult it is to keep track of them
    all. ;-)

    I've known Moe Trin to post here _and_ on other groups from way back when I
    first started posting on Usenet, back in ehm... was it 2001? As such, it
    is my experience that when old acquaintances get a little overzealous in
    throwing "a friendly punch", they are typically up for a returned "friendly
    punch", and that's all I was doing. ;-)

    Friends should be able to discuss things, tactfully if possible, and
    civilized in every way. Discussions are exchanges of viewpoints, ideas and
    information, and it's an indispensable part of what makes us all grow and
    learn as sentient lifeforms - those with hive minds not included, of
    course.

    > We have several new members since you left who are invaluable, and the
    > incidence of regular trouble-makers has dropped to almost nothing. (Knock
    > on wood, and taps head).


    So I have heard, yes. Despite my not being subscribed to either /A.O.L.M./
    group for a long time, I was still in regular contact with a few
    individuals from back then. However, I did not decide to come back
    to /A.O.L.M./ because of the news that the disruptive elements were gone,
    as I only got that news _after_ my announcement (via a personal e-mail to
    some people here) that I would be coming back.

    I've just recently bumped into Andy again on /comp.os.linux.hardware/ as
    well (a few days before my return here), albeit that I don't know whether
    he still resides in this particular corner of the Usenet. He was still
    quite new here on /A.O.L.M./ just prior to my departure.

    Many others have also moved on to different distros and the pertaining
    newsgroups, and as I have explained in one of my other posts, I myself
    intend to be using Gentoo for my main distribution - several
    paravirtualized installs in combination with Xen on a single physical
    machine - but I still feel that I have ties with Mandrake/Mandriva as
    I'm still using it on this very machine here, and I intend to keep on using
    it for the future - unless Mandriva were to sign one of those agreements
    with Microsoft like so many distros already have, but then again I don't
    think they have that intention. ;-)

    "Linux-Mandrake 6.0 PowerPack" was my first distro ever, and up until a
    number of years ago I've stuck with it, both for personal use and on our
    organization's servers. I may not agree with the way the company has
    evolved and some of the decisions that they have made - Gentoo has surely
    had its problems as well, albeit that they are now working very hard to
    climb back out of that abyss - but I still think it's a good distro.

    Either way, whatever distro I'd be using, there will always be generic
    GNU/Linux things I can share my knowledge about, as well as some older but
    still relevant Mandr* experience, and of course I prefer doing that in a
    newsgroup I'm familiar with, such as this one. :-)

    (Note: the Gentoo group is also very helpful, but then again it's one of the
    groups in the /alt.*/ tree, which is less "Google Groups poster"-ridden and
    less chaotic than the groups under the /comp.os.*/ tree.)

    > This is worth noting before indulging in your always-ready-to-argue style.


    Oh, I would not say I am "always ready to argue". I am always ready to
    debate something on which I have a strong opinion, sure, but a debate is
    not an argument. It can deteriorate to that, yes, but that is not what I
    prefer.

    > The latter is not necessarily wrong, but not always appropriate.


    Apparently there is a misunderstanding going on here, so I guess I'd better
    walk out of this thread now, before any more misunderstandings arise and
    things get out of control... :-/

    > Cheers!
    >
    > jim b.


    Good to see you too... ;-)

    --
    Aragorn
    (registered GNU/Linux user #223157)

  9. Re: Port 17550 UDP?

    Frank Dreyfus wrote:

    > I'm getting lots of traffic to UDP Port 17550. They are coming in from
    > all over the world.
    >
    > I've googled for this port but can't find anything.
    >
    > Any ideas?


    Figure out what application on your machine is using that port. For
    instance:

    lsof | grep 17550

    If you don't have lsof installed first do:

    urpmi lsof

    Regards,

    David Mathog

  10. Re: Port 17550 UDP?

    On Mon, 14 Apr 2008, in the Usenet newsgroup alt.os.linux.mandriva, in article
    <3hwMj.10080$Jl4.9720@newsfe16.ams2>, Aragorn wrote:

    >Moe Trin wrote:


    >> Not an unusual request, as UDP servers in that range are uncommon and
    >> that's why Bit Twister posted the Internet Storm Center URL.

    >
    >I take it you mean "usual" rather than "unusual"?


    No - the O/P is seeing something that is unusual, so it would not be
    unusual for him to ask WTF. (We're getting into the twisty ways of
    writing in English - "it would be usual for him to ask about the
    unusual" --> "it would not be unusual to ask about the unusual". Are
    we having fun yet?)

    >Windows *does* listen on all ports by default, and requires the user
    >to disable a number of "services" and/or make use of a userspace
    >firewall just to keep the blackhats out and the malware from phoning
    >home - which Windows XP apparently also seems wanting to do in its
    >default configuration.


    "listen on all ports by default" sounds very strange, but similar to
    what any other operating system does. Speaking only TCP (although UDP
    is handled the same way), all systems have "something" listening to
    all ports. It's a de-multiplexer, that looks at the port number and
    forwards the packet to the program that is servicing that port. If
    there is no program for that port, then the networking stack (part of
    the O/S) handles the packet by sending an ICMP error, _or_ by sending
    an IP 'RST' packet. So the bottom line is that "the network stack" is
    listening to all ports. Yes, that's true. But having some application
    server listening - no, not at all.

    >I got this information from a very Windows-centric computer magazine


    Without seeing the article, I can't imagine what the author may have
    been trying to talk about.

    >and in light of the many Windows-specific habituations GNU/Linux seem
    >to be exhibiting, pointing the above out is warranted. Concretely, in
    >the OP's case, if the machine is running GNU/Linux and he is not
    >running anything that listens on that port, his machine should be safe
    >from that specific type of unwanted connections.


    If you are running some version of windoze (I call it that to
    differentiate to "The X Window System") you have a useful command to run:

    netstat /an in a DOS window
    or
    netstat /ano for winXP

    which is supposed to give an output similar to 'netstat -antpu' in a
    modern version of Linux. The result is the same - if there isn't a
    process listening to that port, the connection is refused. There _were_
    exceptions such as the 'ping of death' but why would someone be running
    ancient unpatched software? (Ping of Death was win95 as I understand
    it - hardly something expected on today's Internet.)

    >As for /C.O.L.A.,/ been there, done that. It's a newsgroup infested with


    the clueless, which is why most sane people killfile anything crossposted
    to such groups. Unfortunately some of that sewage is seeping into other
    groups. I'm killing over 50 percent of the articles in several groups
    just for that reason.

    Old guy
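
Added example, not part of the original post: the UDP side of the demultiplexing behaviour described above, shown on loopback in Python. With a program bound to the port the datagram reaches it; once nothing is bound, the kernel answers with an ICMP port-unreachable error, which a connected UDP socket sees as "connection refused". The function names and the use of an ephemeral loopback port are assumptions of this example.

```python
import socket


def probe_udp(port, host="127.0.0.1", timeout=1.0):
    """Send one datagram to host:port and report how the far end reacted."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing, but it lets the kernel hand
        # ICMP errors for this destination back to this socket.
        s.connect((host, port))
        try:
            s.send(b"probe")
            s.recv(64)
            return "answered"
        except ConnectionRefusedError:
            return "refused"      # ICMP port unreachable: no socket on that port
        except socket.timeout:
            return "no reply"     # delivered but unanswered, or filtered


def demo():
    """Return (payload seen by a listener, probe result after it is closed)."""
    # Case 1: an application is bound to the port, so the stack
    # forwards the datagram to it.
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))        # port 0: let the kernel pick one
    listener.settimeout(1.0)
    port = listener.getsockname()[1]

    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        client.sendto(b"hello", ("127.0.0.1", port))
    payload, _ = listener.recvfrom(64)
    listener.close()

    # Case 2: same port, nothing bound any more. The stack itself rejects
    # the datagram; no application ever sees it.
    return payload, probe_udp(port)


if __name__ == "__main__":
    payload, status = demo()
    print("with listener   :", payload)
    print("without listener:", status)
```

A packet filter that silently drops the datagram produces "no reply" rather than "refused", so the result reflects the firewall policy as well as the listener state.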

  11. Re: Port 17550 UDP?

    Moe Trin wrote:

    > On Mon, 14 Apr 2008, in the Usenet newsgroup alt.os.linux.mandriva, in
    > article <3hwMj.10080$Jl4.9720@newsfe16.ams2>, Aragorn wrote:
    >
    >> Moe Trin wrote:

    >
    >>> Not an unusual request, as UDP servers in that range are uncommon and
    >>> that's why Bit Twister posted the Internet Storm Center URL.

    >>
    >> I take it you mean "usual" rather than "unusual"?

    >
    > No - the O/P is seeing something that is unusual, so it would not be
    > unusual for him to ask WTF. (We're getting into the twisty ways of
    > writing in English - "it would be usual for him to ask about the
    > unusual" --> "it would not be unusual to ask about the unusual". Are
    > we having fun yet?)


    Ehmmmm... Oooo-kayyyy...

    >> Windows *does* listen on all ports by default, and requires the user
    >> to disable a number of "services" and/or make use of a userspace
    >> firewall just to keep the blackhats out and the malware from phoning
    >> home - which Windows XP apparently also seems wanting to do in its
    >> default configuration.

    >
    > "listen on all ports by default" sounds very strange, but similar to
    > what any other operating system does. Speaking only TCP (although UDP
    > is handled the same way), all systems have "something" listening to
    > all ports. It's a de-multiplexer, that looks at the port number and
    > forwards the packet to the program that is servicing that port. If
    > there is no program for that port, then the networking stack (part of
    > the O/S) handles the packet by sending an ICMP error, _or_ by sending
    > an IP 'RST' packet. So the bottom line is that "the network stack" is
    > listening to all ports. Yes, that's true. But having some application
    > server listening - no, not at all.


    Well, the way I heard/read about it is that Windows _does_ have services -
    or applications, if you will - listening on all ports by default, as part
    of a promiscuous "as long as it works" philosophy.

    The administrator would then have to shut off the unneeded services to make
    the system more secure, but given the rather obscure names of services and
    the poor documentation, this is not an easy task, and as even Windows (XP)
    "phones home", users tend to use software firewalls to prevent anything
    unwanted from phoning either in or out.

    >> I got this information from a very Windows-centric computer magazine

    >
    > Without seeing the article, I can't imagine what the author may have
    > been trying to talk about.


    Well, it's a self-acclaimed "serious computer magazine", but they are
    basically a bunch of amateurs whose mouths start drooling the second they
    hear the word "Microsoft" and who treat GNU/Linux like it were some kind of
    peculiar freak of nature.

    They will also never discuss any professional-grade hardware such as SAS or
    SCSI, or processors in the Opteron and Xeon ranges - not to mention
    UltraSPARC, MIPS, Alpha or PPC. They are also so "professional" that they
    label GNU/Linux, OpenOffice and whatever as "freeware". Yeah right...!

    Due to there only having been one issue in over an entire year that didn't
    have the word "Vista" on its coverpage - and this dates back to even before
    Vista was officially released - and the fact that they discuss a single and
    entire GNU/Linux distribution only once per six months, in an article of
    only a page to one page and a half while they smear out MS-Office, Vista
    and returning XP tips over four to six pages in just about every edition, I
    have finally decided to cancel my subscription.

    I had already planned on doing that earlier, but I just hadn't gotten around
    to it yet, and my subscription was paid automatically out of my account on
    an annual basis. I guess I had just never been aggravated enough to
    actually go to my bank and withdraw the automatic payment authorization
    until about two months ago.

    The subscription term ends this month, so I got the last magazine now, and
    I've paged through it with the same kind of disdain as I've been nurturing
    against that particular magazine for the past two to three years now, and
    then I threw it on the stack with the other ones. I have a couple of
    Windows-using friends, and they like to page through those when they come
    over. ;-)

    --
    Aragorn
    (registered GNU/Linux user #223157)
