
Port 1975?

 
Kathleen
Regular Advisor

Port 1975?

We are seeing some traffic on our network through port 1975. Does anyone know what would run through that port (any specific apps or anything)?
Thanks

7 REPLIES
Stefan Farrelly
Honored Contributor

Re: Port 1975?


1975 is too big to be registered to someone - it's probably some local app or program which has just 'picked' a port to use. It's not on the list of registered TCP ports:

http://www.iana.org/assignments/protocol-numbers

and I can't find it on this site either:

http://www.chebucto.ns.ca/~rakerman/port-table.html

Check your /etc/services file just in case someone did bother to put it in there with a comment as to what it's for, otherwise simply block it and wait and see who complains!


I'm from Palmerston North, New Zealand, but somehow ended up in London...
Jeff Schussele
Honored Contributor
Solution

Re: Port 1975?

Hi Kathleen,

Believe this is coming from advert.dll in a shareware program from aureate.com.
It uses CuteFTP to "pull" ads as a "price" for the shareware.
I HATE this stuff & am not sure if you can kill it.

See the following for more info


http://cert.uni-stuttgart.de/archive/incidents/1999/12/msg00009.html

http://www.shmoo.com/mail/fw1/msg01404.html

HTH,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
A. Clay Stephenson
Acclaimed Contributor

Re: Port 1975?

Since that is not a registered port, one approach would be to use lsof and grep for 1975. That should reveal the process in question.
If it ain't broke, I can fix that.
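
The two checks suggested in the replies above (look the port up in /etc/services, then ask lsof which process holds it), written out as an added example that is not part of any poster's reply. The function names and the sample lsof output are constructed for illustration, and the parser assumes lsof's default column layout with NAME last.

```shell
#!/bin/sh
# Added example (not from the thread): what is registered for, and who is using, a port.

# Print "name port/proto" for every entry of a services file that uses PORT.
# $1 = port, $2 = services file (default /etc/services)
services_lookup() {
    awk -v port="$1" '
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and blank lines
        { split($2, f, "/") }                   # field 2 is port/proto
        f[1] == port { print $1, $2 }
    ' "${2:-/etc/services}"
}

# Reduce "lsof -nP -i" output on stdin to "COMMAND PID USER NAME" for sockets
# whose local or remote end is PORT ($1). Matches the port exactly, unlike grep.
lsof_owners() {
    awk -v port="$1" '
        NF < 9 || $1 == "COMMAND" { next }      # header or short line
        {
            name = ($NF ~ /^\(/) ? $(NF - 1) : $NF   # NAME column, before any (STATE)
            n = split(name, ends, "->")
            for (i = 1; i <= n; i++) {
                p = ends[i]; sub(/.*:/, "", p)  # text after the last colon
                if (p == port) { print $1, $2, $3, name; break }
            }
        }
    '
}

# Live report; run as root to see sockets owned by other users.
port_report() {
    port="${1:-1975}"
    echo "services entries for port $port:"
    services_lookup "$port" || true
    command -v lsof >/dev/null 2>&1 || { echo "lsof not installed" >&2; return 1; }
    echo "processes with sockets on port $port:"
    lsof -nP -i ":$port" 2>/dev/null | lsof_owners "$port"
}

# Constructed sample of lsof output, for trying lsof_owners without a live host.
SAMPLE_LSOF='COMMAND   PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
exampled 4242 alice 5u  IPv4  31337      0t0  TCP 10.0.0.5:1042->192.0.2.10:1975 (ESTABLISHED)
sshd      811 root  3u  IPv4  12001      0t0  TCP *:22 (LISTEN)
exampled 4242 alice 6u  IPv4  31338      0t0  UDP *:1975
httpd     900 www   4u  IPv4  12002      0t0  TCP *:19750 (LISTEN)'
```

Source the file and run `port_report 1975` on the host in question, or pipe `$SAMPLE_LSOF` into `lsof_owners 1975` to see the output format. A plain `grep 1975` would also match port 19750 and PID 1975, which the exact port comparison avoids.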
Jeff Schussele
Honored Contributor

Re: Port 1975?

Here's some more definitive info:

http://lists.insecure.org/incidents/1999/Dec/0001.html

Includes links to aureate.com

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Jon Mattatall
Esteemed Contributor

Re: Port 1975?

Everything I can find suggests that the activity on 1975 is caused by freeware calling home, specifically things like GoZilla and CuteFTP. Check these security advisories....

http://www.onecall.net/policy_complaint.html#access-aureate

http://lists.insecure.org/incidents/1999/Dec/0001.html

Jon
A little knowledge is dangerous - none is absolutely terrifying!!!
George_Dodds
Honored Contributor

Re: Port 1975?

MANOJ SRIVASTAVA
Honored Contributor

Re: Port 1975?

Hi Kathleen

In our production env it was being used by a CCH process. I think the best bet would be to find out using lsof.

Maybe you will look at:

"Our site had begun getting these port 1975 jewels several months back. When
I tracked it down to the originating IPs (several workstations had it..), I
found that the users had downloaded and installed the GoZilla! app. We're
fortunate here in that we have the latitude to deny usage of 'non-approved'
software within our WAN, so the short-term fix was simply to block the port
at the firewall system's inner router (keeps it out of your firewall's
logs), and to notify the users of their 'dead' app. Don't know of other
programs that may use the port, but DO know that its usage isn't currently
validated at this location. Makes life a *bit* simpler for sysadmins when
the organization is willing to stand behind a documented security policy,
too."

This is from google search on Port 1975.


Manoj Srivastava