Help Please

john5165 · Jan 28, 2003

Can anyone work out any reason why I am getting scanned on port 2745 about 3/4 times a minute?
It seems this port is used by Urbisnet? Anyone know what this is?
Here are the logs, any help would be much appreciated, thanks -

2003/01/28 22:22:08 148.88.163.185:2952 (sma081000002.lancs.ac.uk) 213.106.73.21:2745 URBISNET
2003/01/28 22:22:17 212.95.95.225:2751 213.106.73.21:2745 URBISNET
2003/01/28 22:22:37 80.6.82.140:1496 (pc3-swin2-5-cust140.oxfd.cable.ntl.com) 213.106.73.21:2745 URBISNET
2003/01/28 22:22:51 213.100.39.62:1898 (c213-100-39-62.swipnet.se) 213.106.73.21:2745 URBISNET
2003/01/28 22:22:52 131.111.221.137:1261 (stu-221-137.magd.cam.ac.uk) 213.106.73.21:2745 URBISNET
2003/01/28 22:23:47 62.195.72.49:2666 (node-d-4831.a2000.nl) 213.106.73.21:2745 URBISNET
2003/01/28 22:24:16 80.7.234.31:2592 (pc1-brig3-5-cust31.brtn.cable.ntl.com) 213.106.73.21:2745 URBISNET
2003/01/28 22:24:49 217.122.123.15:3903 (cp317937-a.landg1.lb.home.nl) 213.106.73.21:2745 URBISNET
2003/01/28 22:24:51 131.211.233.250:1186 (250pc233.sshunet.nl) 213.106.73.21:2745 URBISNET
2003/01/28 22:25:38 195.130.249.10:3594 (

http://www1.musix.it)

213.106.73.21:2745 URBISNET
2003/01/28 22:25:42 213.44.195.121:2510 (lns10m-12-121.w.club-internet.fr) 213.106.73.21:2745 URBISNET
2003/01/28 22:25:51 131.111.221.137:1261 (stu-221-137.magd.cam.ac.uk) 213.106.73.21:2745 URBISNET
2003/01/28 22:26:20 80.7.234.31:2592 (pc1-brig3-5-cust31.brtn.cable.ntl.com) 213.106.73.21:2745 URBISNET
2003/01/28 22:27:06 213.66.0.61:3685 (RAGGARN) 213.106.73.21:2745 URBISNET
2003/01/28 22:30:38 131.211.233.250:1186 (250pc233.sshunet.nl) 213.106.73.21:2745 URBISNET
2003/01/28 22:31:03 194.235.129.24:1214 (fragg.leodr.org) 213.106.73.21:2745 URBISNET
2003/01/28 22:31:50 213.44.195.121:2510 (lns10m-12-121.w.club-internet.fr) 213.106.73.21:2745 URBISNET
2003/01/28 22:32:06 80.7.234.31:2592 (pc1-brig3-5-cust31.brtn.cable.ntl.com) 213.106.73.21:2745 URBISNET
2003/01/28 22:32:06 80.7.234.31:2592 (pc1-brig3-5-cust31.brtn.cable.ntl.com) 213.106.73.21:2745 URBISNET
2003/01/28 22:33:08 62.194.3.34:2816 (node-c-0322.a2000.nl) 213.106.73.21:2745 URBISNET
2003/01/28 22:33:59 217.122.123.15:3903 (cp317937-a.landg1.lb.home.nl) 213.106.73.21:2745 URBISNET
2003/01/28 22:34:12 131.211.233.250:1186 (250pc233.sshunet.nl) 213.106.73.21:2745 URBISNET
2003/01/28 22:34:30 63.162.100.49:1765 (HALLIE) 213.106.73.21:2745 URBISNET
2003/01/28 22:35:13 212.118.91.119:2139 (VINCETIC) 213.106.73.21:2745 URBISNET
2003/01/28 22:35:13 195.130.249.10:3594 (

http://www1.musix.it)

213.106.73.21:2745 URBISNET
2003/01/28 22:35:15 80.7.234.31:2592 (pc1-brig3-5-cust31.brtn.cable.ntl.com) 213.106.73.21:2745 URBISNET
2003/01/28 22:35:26 80.6.82.140:1496 (pc3-swin2-5-cust140.oxfd.cable.ntl.com) 213.106.73.21:2745 URBISNET
2003/01/28 22:35:36 130.184.51.95:2843 213.106.73.21:2745 URBISNET

browolf · Jan 30, 2003

the only urbisnet i can find is cleverly named company urbis.net
there doesnt seem to be an urbisnet program.

===============
Security Forums

http://www.security-forums.com

SgtB · Feb 4, 2003

http://www.urbis.net/

It looks like its a network monitor.
It actually retrieves info from the source. (this would be the inbound packets I'm sure.) Example, it states that it can get the country of he ICQ user you are chatting with...those packets are sent back to you on port 2745.
If you do not have urbisnet installed then.....things could get more complicated.

Either way, you're blocking this at your firewall, so its no big deal. ________________________________________
Check out

http://www.security-forums.com

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Help Please

john5165

Technical User

browolf

Programmer

SgtB

IS-IT--Management

Similar threads

Part and Inventory Search

Sponsor