TCP port ddt_1052 nimireg_1059

  • From: "BY" <bysoo@xxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 18 Mar 2002 08:26:39 +1100

Dear all,

Looking at the firewall checkpoint log for nearly a week, I have been
constantly seeing many failing attempts from an internal PC with the
above services.

I still don't know the IP address of the internal PC, as the firewall
logs show the Proxy Server is actually the source and the Firewall the
target destination. I have also run "netstat -a" from the Proxy Server many
times, but don't seem to see ports 1052 & 1059 running at all.

Scenario 1
==========
An INTERNAL PC --> Proxy Server --> Firewall with services port 1052
DROP

Scenario 2
==========
An INTERNAL PC --> Proxy Server --> Firewall with services port 1059
DROP

I have been told ddt_1052 is a dynamic DNS tool. I don't think the Proxy runs
this service locally. Is this then run by a user who is doing some
naughty work? I don't really know what both services are doing.

Your tips would be much appreciated. I am a new learner about security &
network packets. Have you seen this before? Where to from here really?

Thanks muchly.

BY



