Security Incidents mailing list archives

Re: Port 27960


From: ggroves () F1RACING CO UK (David Groves)
Date: Tue, 21 Mar 2000 13:09:51 -0000


Nice and simple, it's almost certainly Quake3.

Quake3 is simple to detect, even if being played on non-standard
ports, since as part of an anti-piracy procedure, it sends
key information to satan.idsoftware.com [192.246.40.37].

By blocking outgoing traffic to that you stop it from being played
on your internet connection, since it can't authenticate anymore.

David Groves
dgroves () cs strath ac uk

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On
Behalf Of Stuart Staniford-Chen
Sent: 17 March 2000 13:19
To: INCIDENTS () SECURITYFOCUS COM
Subject: Port 27960

I'm guessing this is another Internet game port.  Anyone know for sure?

Here's a sample piece of a scan detect.

Stuart.

Mar 13 18:50:33 xxx.xxx.xxx.xxx:1510 -> 208.25.112.20:53 UDP
Mar 13 18:50:33 xxx.xxx.xxx.xxx:27960 -> 192.246.40.56:27950 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 24.28.21.205:27960 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 206.191.192.47:27960 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 207.127.210.34:27960 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 212.140.216.69:37963 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 212.140.216.69:37961 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 206.136.149.10:27960 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 207.238.206.13:27965 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 207.105.234.8:27960 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 210.97.228.42:27961 UDP
Mar 13 18:50:35 xxx.xxx.xxx.xxx:27960 -> 210.97.228.42:27963 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 216.202.141.69:27960 UDP
Mar 13 18:50:35 xxx.xxx.xxx.xxx:27960 -> 216.202.141.69:27963 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 195.250.175.164:27960 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 209.30.137.20:27960 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 200.27.132.9:26000 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 212.93.4.18:27962 UDP
Mar 13 18:50:34 xxx.xxx.xxx.xxx:27960 -> 216.46.240.6:27962 UDP

--
Stuart Staniford-Chen --- President --- Silicon Defense
                   stuart () silicondefense com
(707) 822-4588                     (707) 826-7571 (FAX)
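
A triage sketch for the traffic discussed in this thread, added here as an example and not part of either message: it parses lines in the scan-detect format quoted above and separates game-client fan-out from fan-out that still needs review. The port band, the peer threshold, the 80% ratio and the verdict names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

AUTH_SERVER = "192.246.40.37"     # address the reply gives for satan.idsoftware.com
GAME_PORTS = range(27950, 27970)  # assumption: band seen in the posted log
MIN_PEERS = 5                     # assumption: distinct peers before judging fan-out

LINE_RE = re.compile(
    r"^\w{3} +\d+ [\d:]{8} (?P<src>\S+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)

def parse(lines):
    """Yield (src, sport, dst, dport, proto) for lines in the scan-detect format."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["proto"]

def classify(lines):
    """Return {source host: verdict} for UDP fan-out seen in the log."""
    peers = defaultdict(set)      # (src, sport) -> {(dst, dport), ...}
    verdicts = {}
    for src, sport, dst, dport, proto in parse(lines):
        if proto != "UDP":
            continue
        peers[(src, sport)].add((dst, dport))
        if dst == AUTH_SERVER:    # contact with the key-check host is decisive
            verdicts[src] = "quake3-auth"
    for (src, sport), dsts in peers.items():
        if len(dsts) < MIN_PEERS or src in verdicts:
            continue
        ratio = sum(1 for _, p in dsts if p in GAME_PORTS) / len(dsts)
        game_like = sport in GAME_PORTS and ratio >= 0.8  # assumption: 80% cutoff
        verdicts[src] = "quake3-like" if game_like else "review"
    return verdicts

# Constructed sample: documentation addresses, ports modelled on the posted log.
SAMPLE = (
    [f"Mar 13 18:50:34 10.0.0.5:27960 -> 203.0.113.{i}:{p} UDP"
     for i, p in enumerate([27960, 27960, 27961, 27963, 27965, 26000], 1)]
    + [f"Mar 13 18:51:0{i} 10.0.0.9:4000 -> 198.51.100.{i}:111 UDP"
       for i in range(1, 6)]
    + ["Mar 13 18:52:10 10.0.0.7:27960 -> 192.246.40.37:27952 UDP"]  # port constructed
)

if __name__ == "__main__":
    for host, verdict in classify(SAMPLE).items():
        print(host, verdict)
```
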


