[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 820
  • Last Modified:

Have i been hacked ? Strange service entries being used on the firewall.

Hi All,

I have recently been getting a load of messages regarding port scans on my network and also now malformed ip packets being dropped protocol 17.

I have just l;ooked at my firewall and run a report based on "bandwidth usage by service" and have seen something i never usually see.

at the top there is internet email dns etc .. all teh usual stuff , but listed below all them are a load of tcp / and udp ports as folows :-
5 UDP Port 63570 (17,63570) 0.003
6 UDP Port 27545 (17,27545) 0.003
7 UDP Port 13661 (17,13661) 0.003
8 UDP Port 34103 (17,34103) 0.002
9 UDP Port 42183 (17,42183) 0.002
10 UDP Port 2632 (17,2632) 0.002
11 UDP Port 41829 (17,41829) 0.002
12 UDP Port 42188 (17,42188) 0.002
13 UDP Port 61130 (17,61130) 0.002
14 UDP Port 40384 (17,40384) 0.002
15 UDP Port 24668 (17,24668) 0.001
16 UDP Port 4484 (17,4484) 0.001
17 UDP Port 3853 (17,3853) 0.001
18 UDP Port 44023 (17,44023) 0.001

Have i been hacked ? What are all these ?

Please help

  • 3
  • 3
1 Solution
http:// thevpn.guruCommented:
Most propably these are the result of you using some p2p application such as limewire or utorrent, those could also be the result of Skype or some other VOIP application.

Are you using those ?
Port 17 could be also used as fraggle attack:


A similar attack to the "smurf" attack is called "fraggle" attack, which uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple re-write of "smurf". Fraggle uses User Datagram Protocol (UDP) echo packets directed at the Unix UDP services echo (port 7), chargen (port 19), daytime (port13) and qotd (port 17).

For both the SMURF attack and the Fraggle attack, there are three parties in these attacks: the attacker, the intermediary, and the victim (note that the intermediary can also be a victim). In other words, you can be affected in one of several ways:

    * As a victim or target of the attack
    * As a network which is abused to amplify the attack
    * As a party harboring the instigator of the attack
MisterMoleyMoleAuthor Commented:
Thanks for the reply.

I am using skype on our network so is this whats causing this?  How can i double check and make sure i am not being hacked and attacked ?  If i am beig hacked what should i do about this. This is my first attack so i am unaware pf procedures to stop this.

Many Thanks
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

http:// thevpn.guruCommented:
5 UDP Port 63570 (17,63570) 0.003  judging from the "0.003" it does not seem to be a hacking attempt..what is the brand of your firewall ? apparently it seems you can stop this if you block all traffic that has the source port 17
MisterMoleyMoleAuthor Commented:
Its a sonicwall firewall - we are heavily using skype at the minute so is it not that  ?

http:// thevpn.guruCommented:
Well the thing is that skype client do act as STUN/TURN servers i.e. they do act as transition programs for other skype clients..especially those behind NAT firewalls...so it could be either that or something else...but  I would not worry about that traffic that much it is udp traffic and at very low percentages...try to monitor it over times when all the computers with skype clients are turned off ...or monitor it over a few days and check if the percentages change...but Skype definitely generates a lot of UDP traffic over random ports
MisterMoleyMoleAuthor Commented:
Many Thanks shakoush2001

I will do that


Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now