cancel
Showing results for 
Search instead for 
Did you mean: 

Security problem?

domingopuss
Dabbler
Posts: 16
Registered: 04-12-2007

Security problem?

Hi,
I've just noticed that I'm being sent UDP packets every few seconds; Source port is 38389, Dest port is 62429.  The source IP is an NTL/Virgin media one. 
Anyone know if this is a potential security risk?

Ta
D
6 REPLIES
ddunford
Grafter
Posts: 114
Registered: 05-04-2007

Re: Security problem?

Nope, but if its coming from NTL/Virgin i would suggest reporting it to there support team.
domingopuss
Dabbler
Posts: 16
Registered: 04-12-2007

Re: Security problem?

Thanks.  Do you think its someone scanning for an open port or something?  I'm behind a router, so I'm not sure how it's getting past that?
MickKi
Grafter
Posts: 543
Registered: 30-09-2007

Re: Security problem?

If you are running MSWindows run netstat -ano to see what is listening on your port 62429, identify the process and check it out on your Task Manager (you can also use TCPView).  If you are running AppleMac/Linux run netstat -anop to see the relevant process and if it does not show under top, check it out with lsof -p & -P options to see if anything fishy is running there.
The worry is not that something/one from virgin.net is scanning your address, but that your machine is listening to it and potentially responding.
prichardson
Grafter
Posts: 1,503
Registered: 05-04-2007

Re: Security problem?

If you are behind a router using NAT and you are receiving the data, it may be delayed data that is valid, as your router is choosing to forward it on.
Do you have any, or recently had (as in a few hours prior to it being received) software that performed transfers such as P2P software, iPlayer software, Sky anytime, 4 On Demand or similar?
domingopuss
Dabbler
Posts: 16
Registered: 04-12-2007

Re: Security problem?

Hi,
Thanks for the replies guys.  I've ran netstat and all appears fine.  Nothing listening on that port and the UDP packets have stopped coming.  I was running P2P earlier in the day, so that was probably the culprit.
Cheers
D. 
prichardson
Grafter
Posts: 1,503
Registered: 05-04-2007

Re: Security problem?

Very likely the cause.
Because UDP connections are stateless (there are no packets which state connection open, close, keepalive), the router has to guess when the connection may be closed.
Sometimes this means the only way to do this is to leave the connection open for hours, just in case.
P2P software makes this worse, because for hours afterwards some data may occasionally come through if the P2P network has stale data saying you are active on the network.