Solved

Odd traffic generated from PC; sending syn request to 0.0.3.0

Posted on 2008-10-06
Last Modified: 2012-05-05
Odd traffic generated from PC; sending SYN requests to 0.0.3.0. netstat is showing that it is sending to port 50797. My WatchGuard firewall, which is the default gateway, is sending all kinds of errors on this. I looked at taskmgr and matched up the PID, but it matches the svchost service.

Any ideas?
0
Question by:PusciferManson
7 Comments
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 22652977
Hi,

Port 50797 is used by IP Office:

http://www.tek-tips.com/faqs.cfm?fid=6353
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22656961
There is a possibility of malware; if you wish, you can create a service explicitly denying this traffic outbound, as below:
Custom-service-on-TCP-port-50797
Enabled and denied; from specific-machine-ip OR ANY; to ANY-External

Thank you.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 22657093
I'd bet on a webcam, myself.  50797 is not reserved for IP Office - it can be used by anything.

http://www.iana.org/assignments/port-numbers
0

Author Comment

by:PusciferManson
ID: 22661475
I guess my biggest concern is what it would be sending to that IP address, considering it isn't a valid IP address. Now, we do use IP Office and this could be in some relation to that, but I do not think that we use the TAPI portion of the IPO.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22692629
AFAIK 0.0.3.0 is used in Cisco access lists to specify a subnet mask; can you run Wireshark or some other packet capture tool and look at what port/protocol/IP addresses are actually used, rather than relying on some other tool?
Packet capture would give us complete details, along with data that is being transmitted.

Thank you.
0
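The netstat-then-PID triage from the question can be scripted. The following is an added example, not code from the thread or from any participant: it parses `netstat -ano` output and flags TCP connections stuck in SYN_SENT toward 0.0.0.0/8, then lists the owning PIDs. The sample output, local addresses and PIDs are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `netstat -ano` output (not from the original thread);
# local addresses and PIDs are made up for illustration.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.25:1042      0.0.3.0:50797          SYN_SENT        1136
  TCP    192.168.1.25:1043      192.168.1.10:445       ESTABLISHED     4
  TCP    192.168.1.25:1050      203.0.113.7:80         SYN_SENT        2288
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  UDP    0.0.0.0:500            *:*                                    720
"""

# 0.0.0.0/8 is "this network" (RFC 1122): valid only as a source, never as a
# destination, so a SYN towards it can never complete a handshake.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def find_bogus_syns(netstat_text):
    """Return SYN_SENT rows whose remote address lies in 0.0.0.0/8."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header line, UDP row, or anything unparseable
        local, lport, remote, rport, state, pid = m.groups()
        try:
            addr = ipaddress.ip_address(remote)
        except ValueError:
            continue  # bracketed IPv6 or wildcard remote address
        # LISTENING rows also show 0.0.0.0 as remote, so the state matters.
        if state == "SYN_SENT" and addr in THIS_NETWORK:
            hits.append({"local": f"{local}:{lport}", "remote": remote,
                         "port": int(rport), "pid": int(pid)})
    return hits

def pids_to_inspect(netstat_text):
    """PIDs worth mapping to services, e.g. with `tasklist /svc /fi "PID eq N"`."""
    return sorted({h["pid"] for h in find_bogus_syns(netstat_text)})

if __name__ == "__main__":
    for hit in find_bogus_syns(SAMPLE_NETSTAT):
        print(f"PID {hit['pid']}: {hit['local']} -> {hit['remote']}:{hit['port']}")
```

When the PID belongs to svchost, `tasklist /svc` lists the services hosted in that process, which narrows the search beyond what Task Manager's process name shows.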
 
LVL 1

Accepted Solution

by:
itsupportcci earned 500 total points
ID: 22909684
This is typically used by Call Manager by the IP Office application. I see it on my firewall looking almost like a broadcast also. What we've run into is the application used to access a public IP address but now is working on an internal. For some reason the software is still looking outgoing for that port. An uninstall and then reinstall fixed the issue. Seems as though just changing the IP didn't get rid of the old IP completely.

Port 50797 (IPO TAPI): From an IP Office TAPI user PC.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 36538092
The Internet Assigned Numbers Authority (IANA) has changed the link to the list of well-known/assigned ports...
(formerly http://www.iana.org/assignments/port-numbers )
Here are the new URLs:

XML version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Text version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

The new versions have fields that note when the assignment was made and/or modified, along with a glossary of the acronyms used and a list of contact emails after the ports list.
0
