Possible back door unknown connection on port 1220

Posted on 2007-10-06
Last Modified: 2013-12-04
I ran the following at start up netstat -b 5 > activity.txt. Here is a line from the output file:

TCP    Chris-T42p:1220  TIME_WAIT       0
  TCP    Chris-T42p:1241       TIME_WAIT       0
  TCP    Chris-T42p:1249       TIME_WAIT       0
  TCP    Chris-T42p:1031        localhost:8200         SYN_SENT        3312

I don't know what is trying to connect to port 1220  in Canada, but I suspect it is not good. According to my Avast antivirus I don't have any problems. I cannot find much info by searching about port 1220. To provide a solution, please identify the program what is requesting this connection and how to remove it if it is bad. If it is benign, then just identifying it is OK. Thanks.
Question by:montana4me

    Accepted Solution


    this port is for quick time streaming.

    Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method

    you can keep it open, but make sure to block 7070

    Author Comment

    Hello al_ghamdi

    How can I see for myself that the connection being made by Javaw.exe to on port 1220 is being made by QT Server Admin?

    If I can see it for myself, I would accept your answer.

    LVL 7

    Assisted Solution

    here you can see that 1220 is for QT server admin

    you need to becarefull about is there any backdoor or spyware use is using this port.
    Also make sure that the service which using this port is the correct one.
    make sure there is no exploit using for QT using this port.
    finaly, if you don't need it close it even if it is safe!!

    LVL 66

    Assisted Solution


    GUI util similar to Netstat -abn that maps open ports to executables...
    LVL 1

    Expert Comment

    Forced accept.

    EE Admin

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Superior storage. Superior surveillance.

    WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now