Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
George_Ellis
Advisor

Does anyone know what application likes to use ports xx114?

Hi folks,

I am trying to classify some traffic in the FW logs while doing rule remediation.  We have an application that I cannot identify that uses a range of ports, all ending in 114.  As I filter traffic to figure out what is going on I have collected a list.

not port:(17114 or 10114 or 9114 or 22114 or 20114 or 25114 or 23114 or 21114 or 16114 or 12114 or 15114 or 11114 or 19114)

Does anyone know an application that uses those?  Web searches did not do a good job of finding anything.

TIA

6 Replies
the_rock
Legend
Legend

Not much from AI copilot either, but I will keep checking, its very interesting query.

Andy

 

Screenshot_1.png

the_rock
Legend
Legend

Just did bunch of search on those ports and all I can find point they are related to some sort of network scanning.

Andy

George_Ellis
Advisor

It is workstations to workstations apparently.   I have seen it before, but finally wanted to categorize it.  I am not sure it is just in China, but it is not malicious.  Looks like a business app, but only used a couple times a day.

The joy of being under PCI-DSS and fixing things thereof.

the_rock
Legend
Legend

Bunch of sites also show those ports as uncategorized.

Andy

George_Ellis
Advisor

Yep.  I started at Speedguide dot net

 

George_Ellis
Advisor

I expanded my view on the subject, and there is a bunch of it.  It seems to be workstations to destinations including non-existent destinations.  My guess is some network browser function.  I don't think it is a MS browser function.  Maybe Ivanti, Crowdstrike, or other apps that think they should be nosey.  Just going to ignore it as I see it blocked in other regions with no reports of negative effects.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events