- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: Does anyone know what application likes to use...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does anyone know what application likes to use ports xx114?
Hi folks,
I am trying to classify some traffic in the FW logs while doing rule remediation. We have an application that I cannot identify that uses a range of ports, all ending in 114. As I filter traffic to figure out what is going on I have collected a list.
not port:(17114 or 10114 or 9114 or 22114 or 20114 or 25114 or 23114 or 21114 or 16114 or 12114 or 15114 or 11114 or 19114)
Does anyone know an application that uses those? Web searches did not do a good job of finding anything.
TIA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not much from AI copilot either, but I will keep checking, its very interesting query.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just did bunch of search on those ports and all I can find point they are related to some sort of network scanning.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is workstations to workstations apparently. I have seen it before, but finally wanted to categorize it. I am not sure it is just in China, but it is not malicious. Looks like a business app, but only used a couple times a day.
The joy of being under PCI-DSS and fixing things thereof.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bunch of sites also show those ports as uncategorized.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yep. I started at Speedguide dot net
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I expanded my view on the subject, and there is a bunch of it. It seems to be workstations to destinations including non-existent destinations. My guess is some network browser function. I don't think it is a MS browser function. Maybe Ivanti, Crowdstrike, or other apps that think they should be nosey. Just going to ignore it as I see it blocked in other regions with no reports of negative effects.