[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Irc servers -- Was :Anyone know what TCP port 59 is used for?

To: <packeteer-edu@lists.Stanford.EDU>
Subject: Irc servers -- Was :Anyone know what TCP port 59 is used for?
From: "Scott Thomas" <scottt@em.cortland.edu>
Date: Wed, 15 Jan 2003 23:28:41 -0500
Sender: owner-packeteer-edu@lists.Stanford.EDU
Thread-index: AcK8/6YvK2fDaqJvRvqKYwelRWSGZwAF3mfQ
Thread-topic: Irc servers -- Was :Anyone know what TCP port 59 is used for?

On a related note...

I was watching an increase of IRC outbound traffic here.

Upon investigation, I found these machines to be Faculty Office
machines.  

I visited one and found it was an unpatched win2k SP2 box.
Someone had hacked in and installed a bunch of services under the
service name firedaemon
(which is the name of the program they use to load programs such as IRC
servers as a service)

I am finding more and more of these machines hacked in to every day.  If
anyone is interested, I can provide more info.


Scott Thomas
SUNY Cortland

-----Original Message-----
From: John [mailto:jjh@oitsec.umn.edu] 
Sent: Wednesday, January 15, 2003 8:27 PM
To: packeteer-edu@lists.Stanford.EDU
Subject: Re: Anyone know what TCP port 59 is used for?


Well, here's my guess...

This port is typically used to transfer files (DCC) between irc clients.
If your seeing lots of it, it usually means someone is sharing lots of
stuff on irc.  Typically the program mIRC + scripts is responsible for
this sort of thing.

See mirc  : http://www.mirc.com/
Dcc setup : http://lordwolf.com/mirchelp/dcc_server.htm
irc info  : http://www.irchelp.org


On Wed, Jan 15, 2003 at 05:47:15PM -0500, Joe Pautler wrote:
> 
> Hello everyone,
> 
> We are seeing a large volume of outbound traffic (from our residence 
> halls) on TCP port 59.  Our packetshaper 8500 (sw version 5.3) is 
> unable to classify the traffic...it puts it in 
> /Outbound/DiscoveredPorts/TCP_Port_59.
> 
> Does anyone have any idea what application might be using
> TCP port 59?  We have done some google searches, but haven't really 
> found anything.
> 
> Thanks...
> 
>
________________________________________________________________________
___
> Joe Pautler, EIT                                University at Buffalo
> CIT/OSS Network Engineering                     224 Computing Center
> http://www.oss.buffalo.edu/~pautler             (716) 645-3536
> 
> -++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**
> This message was posted through the Stanford mailing list server. To 
> subscribe/unsubscribe, send email to majordomo@lists.stanford.edu with

> "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.

> Archive is at http://www.stanford.edu/group/networking/netlists/
-++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**
This message was posted through the Stanford mailing list server. To
subscribe/unsubscribe, send email to majordomo@lists.stanford.edu with
"subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.
Archive is at http://www.stanford.edu/group/networking/netlists/
-++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**
This message was posted through the Stanford mailing list server. To
subscribe/unsubscribe, send email to majordomo@lists.stanford.edu
with "subscribe packeteer-edu" or "unsubscribe packeteer-edu" as the body.  Archive
is at http://www.stanford.edu/group/networking/netlists/

Prev by Date: Re: Anyone know what TCP port 59 is used for?
Next by Date: IRC servers -- Hacked
Previous by thread: Re: Anyone know what TCP port 59 is used for?
Next by thread: IRC servers -- Hacked
Index(es):
- Date
- Thread