Security Incidents mailing list archives
Port probe on 6666
From: "Vachon, Scott" <Scott.Vachon () PAYMENTECH COM>
Date: Thu, 27 Jul 2000 07:46:50 -0500
I hope this is the right forum for posting this. I had an attempt to connect to one of my systems last night and I am interested in opinions/insight from the incidents group. Information captured: An attempt was made to connect to port 6666 from the below listed IP address: notify-108.iap.bryant.webtv.net 209.240.199.146 on port 6666 UDP port 36063. I contacted the security folks at WebTV (Microsoft) and received the following response: There is a common misunderstanding concerning UDP Port 6666 probes. When WebTV Clients obtain an IP Address they are registered with that IP-Address in our system and stay registered until a timeout threshold is reached or are re-registered with a different IP-Address (whichever comes first.) If another system (Non-WebTV) obtains this same IP-Address previously used by a WebTV Client it may receive packets from our notify service attempting to tell the WebTV client it has mail. *** Security Analyst Microsoft Questions: 1) What is port 6666 (UDP port 36063) used for, if anything ? 2) Since the affected host (non WebTV) is not on the WebTV network, why would WebTV assume my host had been assigned an IP used formerly by one of their hosts ? 3) Has anyone else had this same experience from a WebTV host or service ? Thanks in advance. Scott Vachon Network Implementations Engineer Computer Network Services Paymentech, Inc.
Current thread:
- Port probe on 6666 Vachon, Scott (Jul 27)
- Re: Port probe on 6666 Bill Pennington (Jul 28)
- Re: Port probe on 6666 George H. Kyle IV (Jul 28)
- <Possible follow-ups>
- Re: Port probe on 6666 Ed Padin (Jul 28)