  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 698

Odd traffic generated from PC; sending syn request to 0.0.3.0

Odd traffic generated from PC; sending SYN requests to 0.0.3.0. netstat is showing that it is sending to port 50797. My WatchGuard firewall, which is the default gateway, is sending all kinds of errors on this. I looked at taskmgr and the PID and matched them up, but it matches to the svchost service.

Any ideas?
Asked by: PusciferManson
 
Kamran Arshad (IT Associate) commented:
Hi,

Port 50797 is used by IP Office;

http://www.tek-tips.com/faqs.cfm?fid=6353
0
 
dpk_wal commented:
There is a possibility of malware; if you wish, you can create a service explicitly denying this traffic outbound, as below:
Custom-service-on-TCP-port-50797
Enabled and denied; from specific-machine-ip OR ANY; to ANY-External

Thank you.
0
 
Darr247 commented:
I'd bet on a webcam, myself.  50797 is not reserved for IP Office - it can be used by anything.

http://www.iana.org/assignments/port-numbers
0
 
PusciferManson (Author) commented:
I guess my biggest concern is what would it be sending to that IP address, considering it isn't a valid IP address. Now we do use IP Office and this could be in some relation to that, but I do not think that we use the TAPI portion of the IPO.
0
 
dpk_wal commented:
AFAIK 0.0.3.0 is used in Cisco access lists to specify a subnet mask; can you run Wireshark or some other packet capture tool and try looking at what port/protocol/IP addresses are actually used, rather than some other tool?
A packet capture would give us complete details, along with the data that is being transmitted.

Thank you.
0
 
itsupportcci commented:
This is typically used by Call Manager by the IP Office application. I see it on my firewall looking almost like a broadcast also. What we've run into is the application used to access a public IP address but now is working on an internal. For some reason the software is still looking outgoing for that port. An uninstall and then reinstall fixed the issue. Seems as though just changing the IP didn't get rid of the old IP completely.

Port 50797 (IPO TAPI): From an IP Office TAPI user PC.
0
 
Darr247 commented:
The Internet Assigned Numbers Authority (IANA) has changed the link to the list of well-known/assigned ports...
(formerly http://www.iana.org/assignments/port-numbers )
here are the new URLs:

XML version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Text version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

The new versions have fields that note when the assignment was made and/or modified, along with a glossary of the acronyms used and a list of contact emails after the ports list.
0
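The check described in the question (netstat output matched to a PID) can be scripted. The following is an added example, not code from any poster in this thread: it parses Windows `netstat -ano` text and reports which PIDs have outbound TCP rows to the 0.0.0.0/8 block. The sample output, addresses and PIDs are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not taken from the thread's PC).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.1.25:49712     0.0.3.0:50797          SYN_SENT        1184
  TCP    192.168.1.25:49713     0.0.3.0:50797          SYN_SENT        1184
  TCP    192.168.1.25:49650     203.0.113.10:443       ESTABLISHED     4312
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     2040
  UDP    0.0.0.0:5353           *:*                                    1660
"""

THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")  # RFC 1122: valid only as a source
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def find_invalid_destinations(netstat_text):
    """Return {pid: sorted [(remote_ip, remote_port, state), ...]} for outbound
    TCP rows whose foreign address is inside 0.0.0.0/8."""
    hits = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _local, remote, state, pid = m.groups()
        ip, port = split_endpoint(remote)
        # LISTENING rows show 0.0.0.0:0 as a wildcard, not a real destination.
        if state == "LISTENING" or port == 0:
            continue
        if ip.version == 4 and ip in THIS_NETWORK:
            hits[int(pid)].add((str(ip), port, state))
    return {pid: sorted(rows) for pid, rows in hits.items()}

if __name__ == "__main__":
    for pid, rows in find_invalid_destinations(SAMPLE_NETSTAT).items():
        print(f"PID {pid}: {rows}")
        # svchost.exe hosts many services; this lists the ones in that PID.
        print(f'  next: tasklist /svc /fi "PID eq {pid}"')
```

When the PID belongs to svchost.exe, `tasklist /svc` narrows it to the hosted services, which is the step the Task Manager lookup in the question stops short of.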
Question has a verified solution.
