• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Attacks on port 64643

Anyone noticing an increased attack on port 64643? My firewall indicates that unused port blocking has blocked inbound TCP attempts on port 64643. This seems to happen multiple times per hour  and comes from various IP addresses. It is being blocked so I'm pretty sure I'm safe. Just wondering if this is part of a larger /global issue of cyber attack?

Replies

Kudos1 Stats

Re: Attacks on port 64643

Hi Calls:

Everthing seems fine over here.

As long as your Firewall is blocking the attemtps, I would not be concerned, IMO.

Dynamic and/or Private port range is: 49152–65535.

      Plankton - MCSE, CSQE     - NIS 2009 • NIS 2010 -Windows XP • Vista • 7 • IE 8
Kudos1 Stats

Re: Attacks on port 64643

The SANS Internet Storm Center doesn't show anything unusual: https://isc.incidents.org/port.html?port=64643

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: Attacks on port 64643

Moved back to original thread by same author
Kudos0

Re: Attacks on port 64643

thanks Reese

Now let me note that my intrusion/protection was not disabled. In fact it does my heart good to know that such attempts are being blocked.

I have a question for clarification, and excuse me if this has already been answered before

I have a dynamic IP address, I think. If I log off the internet for more than 15 minutes, when I log back on, my ISP gives me a different IP Address

example pretend I currently have the IP Address from my ISP

65.235.123.124

ok then I log off and 2 hours later I log back on

My ISP gives me a new IP address

65.235.124.1

So now what if someone had this IP address before me and had no protection allowing other computers to connect to that computer? Since I now have an IP address that was on a compromised computer, would those other computers try to log on to that address even though it is now assigned to me? Is that why maybe there are these attempts to access certain ports because those other computers were allowed to do so with the last "owner" of the IP address now assigned to me?

Kudos1 Stats

Re: Attacks on port 64643


Calls wrote:

thanks Reese

Now let me note that my intrusion/protection was not disabled. In fact it does my heart good to know that such attempts are being blocked.

I have a question for clarification, and excuse me if this has already been answered before

I have a dynamic IP address, I think. If I log off the internet for more than 15 minutes, when I log back on, my ISP gives me a different IP Address

example pretend I currently have the IP Address from my ISP

65.235.123.124

ok then I log off and 2 hours later I log back on

My ISP gives me a new IP address

65.235.124.1

So now what if someone had this IP address before me and had no protection allowing other computers to connect to that computer? Since I now have an IP address that was on a compromised computer, would those other computers try to log on to that address even though it is now assigned to me? Is that why maybe there are these attempts to access certain ports because those other computers were allowed to do so with the last "owner" of the IP address now assigned to me?


With most ISPs you'll get the same address as you originally had unless you don't reconnect for at least a day. Your ISP might be near its limits, though, and your address might get recycled more quickly than that.

Anyhow, to answer your question, I actually had been think that this looked like you had been connected to a file sharing site such as BitTorrent but I also know that you personally aren't likely to go there. Having your address reassigned by your ISP resolves my conflict. The person who previously had your IP address probably was sharing some file that others wanted and the file sharing system hasn't flushed their address yet so people are probably trying to (unsuccessfully) download files from your system.

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation
Kudos0

Re: Attacks on port 64643

Hi Calls:

Quick question.

Are you on Dialup or Broadband? If on Broadband, your DHCP lease time is very short.

Usually it is anywhere from 1-3 days.

This is not a not indicative of a problem, just an observation.

Cheers!

      Plankton - MCSE, CSQE     - NIS 2009 • NIS 2010 -Windows XP • Vista • 7 • IE 8
Kudos0

Re: Attacks on port 64643

plankton--

reese explained some possiblities already

"With most ISPs you'll get the same address as you originally had unless you don't reconnect for at least a day. Your ISP might be near its limits, though, and your address might get recycled more quickly than that."

----"you better watch out for the whiplash!! thank you for taking the time to read my signature lol! ;]" -- Kaiser Wilhelm
Kudos0

Re: Attacks on port 64643


Plankton wrote:

Hi Calls:

Quick question.

Are you on Dialup or Broadband? If on Broadband, your DHCP lease time is very short.

Usually it is anywhere from 1-3 days.

This is not a not indicative of a problem, just an observation.

Cheers!


Plankton, I have DSL. I assume that is broad band? MY ISP will actually give me a new IP address if I logg of the internet and shut off m computer, if I am off even for as little as 15 minutes.

Kudos0

Re: Attacks on port 64643


reese_anschultz wrote:

Calls wrote:

thanks Reese

Now let me note that my intrusion/protection was not disabled. In fact it does my heart good to know that such attempts are being blocked.

I have a question for clarification, and excuse me if this has already been answered before

I have a dynamic IP address, I think. If I log off the internet for more than 15 minutes, when I log back on, my ISP gives me a different IP Address

example pretend I currently have the IP Address from my ISP

65.235.123.124

ok then I log off and 2 hours later I log back on

My ISP gives me a new IP address

65.235.124.1

So now what if someone had this IP address before me and had no protection allowing other computers to connect to that computer? Since I now have an IP address that was on a compromised computer, would those other computers try to log on to that address even though it is now assigned to me? Is that why maybe there are these attempts to access certain ports because those other computers were allowed to do so with the last "owner" of the IP address now assigned to me?


With most ISPs you'll get the same address as you originally had unless you don't reconnect for at least a day. Your ISP might be near its limits, though, and your address might get recycled more quickly than that.

Anyhow, to answer your question, I actually had been think that this looked like you had been connected to a file sharing site such as BitTorrent but I also know that you personally aren't likely to go there. Having your address reassigned by your ISP resolves my conflict. The person who previously had your IP address probably was sharing some file that others wanted and the file sharing system hasn't flushed their address yet so people are probably trying to (unsuccessfully) download files from your system.


Reese, so one might get stuck with some residue contacts left over from the last "owner" of the IP address assigned by my ISP?

Kudos0

Re: Attacks on port 64643


Calls wrote:

Reese, so one might get stuck with some residue contacts left over from the last "owner" of the IP address assigned by my ISP?


Correct

Reese AnschultzSenior Software Quality Assurance Manager, Symantec Corporation

This thread is closed from further comment. Please visit the forum to start a new thread.