Possible back door unknown connection on port 1220

I ran the following at start up netstat -b 5 > activity.txt. Here is a line from the output file:

TCP    Chris-T42p:1220        c-24-6-141-198.hsd1.ca.comcast.net:24017  TIME_WAIT       0
  TCP    Chris-T42p:1241        192.168.1.6:http       TIME_WAIT       0
  TCP    Chris-T42p:1249        192.168.1.6:3128       TIME_WAIT       0
  TCP    Chris-T42p:1031        localhost:8200         SYN_SENT        3312
  [javaw.exe]

I don't know what is trying to connect to port 1220  in Canada, but I suspect it is not good. According to my Avast antivirus I don't have any problems. I cannot find much info by searching about port 1220. To provide a solution, please identify the program what is requesting this connection and how to remove it if it is bad. If it is benign, then just identifying it is OK. Thanks.
montana4meAsked:
Who is Participating?
 
al_ghamdiCommented:
QT SERVER ADMIN

this port is for quick time streaming.

Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method

you can keep it open, but make sure to block 7070
0
 
montana4meAuthor Commented:
Hello al_ghamdi

How can I see for myself that the connection being made by Javaw.exe to c-24-6-141-198.hsd1.ca.comcast.net:24017 on port 1220 is being made by QT Server Admin?

If I can see it for myself, I would accept your answer.

Thanks.
0
 
ALNMOOCommented:
here you can see that 1220 is for QT server admin
http://www.seifried.org/security/ports/1000/1220.html

you need to becarefull about is there any backdoor or spyware use is using this port.
Also make sure that the service which using this port is the correct one.
make sure there is no exploit using for QT using this port.
finaly, if you don't need it close it even if it is safe!!

0
 
johnb6767Commented:
TCPView
http://www.microsoft.com/technet/sysinternals/Utilities/TcpView.mspx

GUI util similar to Netstat -abn that maps open ports to executables...
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.