Loading...
[get complete service list]
Top of page
Top of page
Port Information
Protocol Service Name
tcp garcon garcon
udp applix Applix ac
tcp puprouter puprouter
udp puprouter puprouter
tcp Chatpower [trojan] Chat power
tcp DeepThroat [trojan] DeepThroat
tcp Foreplay [trojan] Foreplay
tcp WinSatan [trojan] WinSatan
Top IPs Scanning
Today Yesterday
80.75.212.75 (2035)87.121.69.52 (1694)
87.121.69.52 (1154)185.224.128.17 (426)
45.227.253.130 (91)80.75.212.75 (234)
90.151.171.106 (31)90.151.171.106 (46)
87.120.84.133 (31)87.120.84.131 (42)
87.120.84.132 (24)87.120.84.130 (41)
87.120.84.130 (23)45.227.253.130 (41)
87.120.84.131 (23)87.120.84.105 (39)
87.120.84.105 (23)87.120.84.132 (38)
91.92.251.254 (20)90.151.171.109 (31)
User Comments
Submitted By Date
Comment
Mikael Olsson 2009-10-04 18:45:22
Port 999, TCP as well as UDP, is also used for remote administration of Clavister Firewall (www.clavister.com). Recurring UDP 999 "probes" can mean that someone mistyped the address of a firewall in the management tool, which periodically (app. once a minute) "pings" all firewalls it knows about. High volumes of UDP 999 packets can also mean that a firewall was configured to send log data to the wrong IP address. (Perhaps a less likely mistake to make.) TCP traffic related to this is least likely to occur "frequently"; it will only occur when someone is manually trying to do something in the admin tool. Note that traffic related to Clavister Firewall management would be targeted against a single (or a few) IP addresses. Scan sweeps for port 999 covering several addresses would NOT be related to the above. Addresses like 1.2.3.4 and such are however known to be frequent targets of UDP 999 probes from multiple sources :)
2003-02-21 02:58:12
This port is also used by Microsoft ActiveSync and Pocket PC devices.
Top of page
CVE Links
CVE # Description
Top of page