Solved

Odd traffic generated from PC; sending syn request to 0.0.3.0

Posted on 2008-10-06
Last Modified: 2012-05-05
Odd traffic generated from PC; sending SYN request to 0.0.3.0.  netstat is showing that it is sending to port 50797.  My WatchGuard firewall, which is the default gateway, is sending all kinds of errors on this.  I looked at taskmgr and the PID and matched them up, but it matches to the svchost service.

Any ideas?
0
Question by:PusciferManson
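
The netstat-to-PID triage described in the question, as an added example that is not part of the original thread: it parses `netstat -ano` output and reports which PIDs have SYN_SENT connections to destinations in 0.0.0.0/8, a range that is never a valid destination address. The sample output, local addresses and PIDs are constructed; only the 0.0.3.0:50797 destination comes from the question.

```python
import ipaddress
from collections import defaultdict

# 0.0.0.0/8 ("this network", RFC 1122) is never a valid destination address.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up,
# apart from the 0.0.3.0:50797 destination reported in the question).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       924
  TCP    192.168.1.25:1091      192.168.1.10:445       ESTABLISHED     4
  TCP    192.168.1.25:1187      0.0.3.0:50797          SYN_SENT        1108
  TCP    192.168.1.25:1188      0.0.3.0:50797          SYN_SENT        1108
  TCP    192.168.1.25:1190      203.0.113.7:80         SYN_SENT        2216
  UDP    0.0.0.0:500            *:*                                    688
"""

def parse_tcp_rows(text):
    """Yield (local, remote_ip, remote_port, state, pid) for IPv4 TCP rows."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, UDP rows (no state column), blank lines
        _, local, remote, state, pid = fields
        host, _, port = remote.rpartition(":")
        try:
            ip = ipaddress.IPv4Address(host)
        except ValueError:
            continue  # IPv6 or unparsable foreign address
        yield local, ip, int(port), state, int(pid)

def suspicious_syn(text):
    """Map PID -> sorted list of (ip, port) for SYN_SENT to 0.0.0.0/8."""
    hits = defaultdict(set)
    for _, ip, port, state, pid in parse_tcp_rows(text):
        # LISTENING rows show 0.0.0.0:0 as a placeholder; only an outbound
        # connection attempt (SYN_SENT) to this range is abnormal.
        if state == "SYN_SENT" and ip in THIS_NETWORK:
            hits[pid].add((str(ip), port))
    return {pid: sorted(dests) for pid, dests in hits.items()}

if __name__ == "__main__":
    for pid, dests in suspicious_syn(SAMPLE_NETSTAT).items():
        print(f"PID {pid}: SYN_SENT to non-routable destination(s) {dests}")
```

When the flagged PID belongs to svchost.exe, `tasklist /svc /fi "PID eq <pid>"` on Windows lists the services hosted inside that process, which narrows down the sender further than Task Manager's process name.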
7 Comments
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 22652977
Hi,

Port 50797 is used by IP Office;

http://www.tek-tips.com/faqs.cfm?fid=6353
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22656961
There is a possibility of malware; if you wish, you can create a service explicitly denying this traffic outbound, as below:
Custom-service-on-TCP-port-50797
Enabled and denied; from specific-machine-ip OR ANY; to ANY-External

Thank you.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 22657093
I'd bet on a webcam, myself.  50797 is not reserved for IP Office - it can be used by anything.

http://www.iana.org/assignments/port-numbers
0

 

Author Comment

by:PusciferManson
ID: 22661475
I guess my biggest concern is what it would be sending to that IP address, considering it isn't a valid IP address.  Now, we do use IP Office and this could be in some relation to that, but I do not think that we use the TAPI portion of the IPO.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22692629
AFAIK 0.0.3.0 is used in Cisco access lists to specify a subnet mask; can you run Wireshark or some other packet capture tool and try looking at what port/protocol/IP addresses are actually used, rather than some other tool?
Packet capture would give us complete details, along with data that is being transmitted.

Thank you.
0
 
LVL 1

Accepted Solution

by:
itsupportcci earned 500 total points
ID: 22909684
This is typically used by Call Manager by the IP Office application. I see it on my firewall looking almost like a broadcast also. What we've run into is the application used to access a public IP address but now is working on an internal. For some reason the software is still looking outgoing for that port. An uninstall and then reinstall fixed the issue. Seems as though just changing the IP didn't get rid of the old IP completely.

Port 50797 (IPO TAPI): From an IP Office TAPI user PC.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 36538092
The Internet Assigned Numbers Authority (IANA) has changed the link to the list of well-known/assigned ports...
(formerly http://www.iana.org/assignments/port-numbers )
here are the new URLs:

XML version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Text version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

The new versions have fields that note when the assignment was made and/or modified, along with a glossary of the acronyms used and a list of contact emails after the ports list.
0
