
What is UDP Port 1025?

Praetor

Diamond Member
I'm running WinXP with ZoneAlarm Pro (2.6.357) and I've been getting reports of all kinds of attempted connects on UDP Port 1025 for the past few days, definitely at least 500 within the past week. Any idea what's going on? Here's an example of one such report:



<< The firewall has blocked Internet access to your computer (UDP Port 1025) from 211.90.0.6 (UDP Port 46278). >>



The last UDP Port (after the attempted IP address) changes each time though.
 


<< Remote Storm trojan uses tcp/udp 1024. >>

Some trojans simply use the first available port they can get, which in many cases is 1024 as outlined in this excellent FAQ (courtesy of RagManX in an earlier thread).

Also, here is the comprehensive list of IANA assigned port numbers (courtesy of JackMDS in that same thread).
 
As far as I can tell, I haven't been infected by a virus. I scan any and all files that I download from the 'net, automatically refuse any e-mails with attachments, and have NAV2002 running continuously. I think this all started just after the AOL AIM security hole was made public and I did come home from work that night to find that I had been signed off. Is it possible that someone managed to send a virus that way? I thought the hole only allowed running programs already installed on the user's computer...

And what's Remote Storm? (as I hit google to find out for myself)
 
Are you running off a cable, or DSL connection?

While on DSL each one is on his own line, it is not the same with most cable services.

The way cable connection is arranged. The user is a part of a node. If there is another user with a problematic system, they can end up pinging and scanning the node, most of the time without their own knowledge.

This is one of the reasons to maintain a good software Firewall beyond the Router's Firewall.

It is usually not dangerous, but it slows down the connection.
If this continues, call your ISP.
 
I've been doing some research into this "Remote Storm" trojan, and I think it's safe to say that that is not what is causing this problem. I don't have any of the files or registry keys necessary for it to operate and haven't experienced any of the effects the original README file claims to cause.

To your question JackMDS, yes I am on a cable connection without a hard firewall/router. I have been on this connection and IP since my move a week previous without any ill effects from my transfer. I do get the occasional FTP attempts and @Home's standard 3 port probe every once in while and a random TCP connection request, but those are far and few between. 98% of all the attempts in the logs have been on UDP 1025 and always from completely different IP addresses. As far as I can tell, there is no pattern from the source. (ie no common range or physical locale) The only thing common in the ZoneAlarm log is the attempted UDP port number.

I've updated my virus definitions with Norton and my system has thus far come out clean.

I dunno. The only thing I could come up with was the AIM connection, because I believe that this started at the same time the hole was reported. I'm going to stay offline of AIM and see if the number of attempts drop off drastically or not. They have started to drop off a tad in the past day or two, but are still huge numbers. (100-some attempts in the past 12 hours.)
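One way to check the pattern described in the post above (nearly all blocks on one port, sources with no common range), as an added example that is not part of the thread: it parses alert lines in the wording quoted earlier and measures how concentrated the hits and source prefixes are. The function names, the /16 grouping and all sample lines except the first address are assumptions made for this example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Matches the alert wording quoted in the thread; a real log export may differ.
ALERT = re.compile(
    r"\((TCP|UDP) Port (\d+)\) from (\d{1,3}(?:\.\d{1,3}){3}) "
    r"\((?:TCP|UDP) Port (\d+)\)")

TEMPLATE = ("The firewall has blocked Internet access to your computer "
            "({p} Port {d}) from {ip} ({p} Port {s}).")
# Constructed sample: the first source is the one quoted in the thread, the
# rest are documentation-range addresses invented for this example.
SAMPLE = [TEMPLATE.format(p=p, d=d, ip=ip, s=s) for p, d, ip, s in [
    ("UDP", 1025, "211.90.0.6", 46278),
    ("UDP", 1025, "192.0.2.10", 40112),
    ("UDP", 1025, "198.51.100.7", 51877),
    ("UDP", 1025, "203.0.113.20", 33004),
    ("TCP", 21, "192.0.2.55", 3120),
]] + ["Program alert: unrelated line", TEMPLATE.format(
    p="UDP", d=1025, ip="999.1.1.1", s=1)]  # malformed address, skipped

def parse(lines):
    """Return (proto, dst_port, src_ip, src_port) for each valid alert line."""
    events = []
    for line in lines:
        m = ALERT.search(line)
        if not m:
            continue
        try:
            src = ip_address(m.group(3))
        except ValueError:  # e.g. an octet above 255
            continue
        events.append((m.group(1), int(m.group(2)), src, int(m.group(4))))
    return events

def summarize(events, prefix=16):
    """Describe the most-hit local port and how spread out its sources are."""
    if not events:
        return None
    (proto, dport), hits = Counter(e[:2] for e in events).most_common(1)[0]
    hot = [e for e in events if e[:2] == (proto, dport)]
    sources = {e[2] for e in hot}
    nets = Counter(ip_network(f"{s}/{prefix}", strict=False) for s in sources)
    return {"target": f"{proto}/{dport}",
            "share": hits / len(events),
            "distinct_sources": len(sources),
            "largest_prefix_share": max(nets.values()) / len(sources),
            "distinct_source_ports": len({e[3] for e in hot})}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

A high `share` together with a low `largest_prefix_share` is the shape described in the post: one local port targeted from many unrelated networks.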
 


<< Someone is trying to play network blackjack with you. >>



Is this code for something? Or is this literally a game?
 
What it means is that some of your neighbors are "enjoying" playing in virtual Casinos.

It is a good idea to get Cable/DSL Router even if you don't have a network (it provides cheap inbound Hardware Firewall).
 