Solved

Odd traffic generated from PC; sending syn request to 0.0.3.0

Posted on 2008-10-06
7
682 Views
Last Modified: 2012-05-05
Odd traffic generated from PC; sending syn request to 0.0.3.0.  netstat is showing that it is sending to port 50797.  My watchguard firewall which is the default gateway is sending all kinds of errors on this.  I looked at taskmgr and the PID and matched them up but it matches to svchost service.

Any ideas?
0
Comment
Question by:PusciferManson
7 Comments
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 22652977
Hi,

Port 50797 is used by IP Office;

http://www.tek-tips.com/faqs.cfm?fid=6353
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22656961
There is a possibility of malwarel; if you wish you can create a service with explicitly denying this traffic outbound as below:
Custom-service-on-TCP-port-50797
Enabled and denied; from specific-machine-ip OR ANY; to ANY-External

Thank you.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 22657093
I'd bet on a webcam, myself.  50797 is not reserved for IP Office - it can be used by anything.

http://www.iana.org/assignments/port-numbers
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:PusciferManson
ID: 22661475
I guess my biggest concern is what would it be sending to that IP address considering it isnt a valid IP address.  Now we do use IP office and this could be in some relation to that but I do not think that we use the Tapi portion of the ipo.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22692629
AFAIK 0.0.3.0 is used in cisco access list to specify subnet mask; can you run wireshark or some other packet capture tools and try looking what port/protocol/IP addresses are actually used rather than some other tool.
Packet capture would give us complete details, along with data that is being transmitted.

Thank you.
0
 
LVL 1

Accepted Solution

by:
itsupportcci earned 500 total points
ID: 22909684
This is typcially used by Call Manager by the IP Office application. I see it on my firewall looking almost like a broadcast also. What we've ran into is the application used to access a public IP address but now is working on an internal. For some reason the software is still looking outgoing for that port. An uninstall and then reinstall fixed the issue. Seems as though just changing the IP didn't get rid of the old IP completely.

Port 50797 (IPO TAPI): From an IP Office TAPI user PC.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 36538092
The Internet Assigned Numbers Authority (IANA) has changed the link to the list of well-known/assigned ports...
(formerly http://www.iana.org/assignments/port-numbers )
here are the new URLs:

XML version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
Text version - http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

The new versions have fields that note when the assignment was made and/or modified, along with a glossary of the acronymns used and a list of contact emails after the ports list.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port forwarding in Cisco RV215w 2 55
SonicWALL SIP Transformation Problem 4 86
Cisco Supervisor upgrade to 2T 3 65
slow vpn connection 9 65
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question