Possible back door unknown connection on port 1220

Posted on 2007-10-06
Medium Priority
Last Modified: 2013-12-04
I ran the following at start up netstat -b 5 > activity.txt. Here is a line from the output file:

TCP    Chris-T42p:1220        c-24-6-141-198.hsd1.ca.comcast.net:24017  TIME_WAIT       0
  TCP    Chris-T42p:1241       TIME_WAIT       0
  TCP    Chris-T42p:1249       TIME_WAIT       0
  TCP    Chris-T42p:1031        localhost:8200         SYN_SENT        3312

I don't know what is trying to connect to port 1220  in Canada, but I suspect it is not good. According to my Avast antivirus I don't have any problems. I cannot find much info by searching about port 1220. To provide a solution, please identify the program what is requesting this connection and how to remove it if it is bad. If it is benign, then just identifying it is OK. Thanks.
Question by:montana4me

Accepted Solution

al_ghamdi earned 672 total points
ID: 20028212

this port is for quick time streaming.

Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method

you can keep it open, but make sure to block 7070

Author Comment

ID: 20028418
Hello al_ghamdi

How can I see for myself that the connection being made by Javaw.exe to c-24-6-141-198.hsd1.ca.comcast.net:24017 on port 1220 is being made by QT Server Admin?

If I can see it for myself, I would accept your answer.


Assisted Solution

ALNMOO earned 664 total points
ID: 20028552
here you can see that 1220 is for QT server admin

you need to becarefull about is there any backdoor or spyware use is using this port.
Also make sure that the service which using this port is the correct one.
make sure there is no exploit using for QT using this port.
finaly, if you don't need it close it even if it is safe!!

LVL 66

Assisted Solution

johnb6767 earned 664 total points
ID: 20031984

GUI util similar to Netstat -abn that maps open ports to executables...

Expert Comment

ID: 20237707
Forced accept.

EE Admin

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question