Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Someone is scanning port 1663..

Status
Not open for further replies.
paul123456

paul123456

Technical User
Apr 29, 2002
518
US
Hi i have my firewall setup to were it emials me if there any attacks done to it. it has emailed me 75 times last night and all were blocked. it has muliple source ip address.. the destination address is ofcourse me but it is using multiple source ports to get to port 1663 I did a search for it on the net and only found that it's common name is netviewaix2 netviewaix3. Does anyone know what port 1663 and what a hacker could used this port for? what information can he/she get from it? or does someone no of any exploits in win2k server?

Thanks, PAUL

 
Sort by date Sort by votes
as long as you don't see something like this you are ok ;)

TCP datding:1663 XCNLM02S:nbsession ESTABLISHED
 
Upvote 0 Downvote
well i dunno what happend but i just got a notification...If you can as you say "as long as it not this" i would like to no what is this..what does it do...and how is it caused? and what can i do from preventing it? what is it? explain plz

Thanks, PAUL

 
Upvote 0 Downvote
You can't stop it - it's someone on the other end of the connection (or their software) attempting to connect to your machine.

It may be an innocent mistake (transposed IP address numbers), or someone scouting for an open system. Best to look up their ISP and have them send them a "don't do that" email.

What you shouldn't do is attempt to contact them yourself - there have been instances where a person was hauled into court be cause the other person (who initiated it in the first place) called the cops.

Chip H.
 
Upvote 0 Downvote
i have to agree with chiph.

as of now, i do not know of any exploits here - i even did a google search.

if it continues, do a lookup on the ip and report it.
 
Upvote 0 Downvote
Unless you are running AIX with Netview don't worry about it unless of course they connect. It is just someone fishing. 1663 is the tcp port that Netview uses on AIX machines and there are known issues with Netview.
 
Upvote 0 Downvote
And of it's always possible that is a script kiddy trying to connect to a trojan, you can generally set those up for any port you wish.

Still, as whee said as long as your firewall is blocking it your ok.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
579
XLNTech1
XLNTech1
Impersonator
  • Locked
  • Question
UDP Hacking port 53
Replies
1
Views
219
RodneyMcSnow
RodneyMcSnow
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
576
nnaarrnn
nnaarrnn
MottoK
  • Locked
  • Question
Cisco ISE blank GUI
Replies
0
Views
521
MottoK
MottoK
RMurr34
  • Locked
  • Question
ASA Config - Open port 3389 for all IPs
Replies
1
Views
188
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top