Incoming Log port 58741

JimC asked 2 years ago

I was checking my router's incoming log today, and see incoming traffic to Port 58741 from addresses located in the Ukraine, Germany, Poland and Spain. Most of the entries are coming from the Ukraine.

There are no other incoming connections other than those going to Port 58741.

The router is a Linksys WRT54G and it's Firewall is enabled and no ports are forwarded.

I can test a connection to that port via a browser, and it works (going to a blank text page) like this:

[url]http://myipaddress:58741[/url]

When I use custom ports scans from external sites, it shows that port as open for tcp trafffic. For example, this probe:

[url]https://www.grc.com/x/portprobe=58741[/url]

Surrounding ports appear to be closed using user defined custom scans. See a screen capture showing results of a scan like that here:

[url]http://dl.dropbox.com/u/4536228/port_scan1.jpeg[/url]

Again, I have no ports forwarded from my router, yet I connect to a blank text page if I access that port like this:

[url]http://myipaddress:58741[/url]

Any ideas as to what is going on here?

2 Answers
JimC answered 2 years ago

Found it. Skype was causing it.

When I tested all of my internal addresses (versus my external IP address) using that port, I was able to connect to my wife's laptop (using [url]http://192.168.1.104:58714[/url] since the router had assigned 192.168.1.104 to it). I checked to see what was running on it and Skype was the culprit.

Closing Skype solved it, and external scans now show port 58714 is closed.

Shnerdly Staff answered 2 years ago

This is some thing that should be of concern. I tried it with your link and also your true IP and got the same result. I checked other networks I work with and did not get the same result.

There are programs out there that use SSH .net and Java that are able to directly interact with the internet regardless of router settings.

The problem could be a virus or trojan on one of your computers. I would suggest a complete scan of all computers using that Internet connection including RootKit scans.

Until you resolve this, do not do any online banking or things that could put your personal resources at risk.

To isolate the infected computer or computers, You could turn all of the computers off and try the port from another location. Perhaps a friend could be trying the port as you restart each computer. I would give it about 5 minutes of run time for each computer to give it time to make it's connection before trying the port or ruling a computer out. I would also try each computer separately, one at a time, in case there are multiple problems.

I am very interested in helping resolve this. Please keep us up to date with the progress and the solution so others, including myself, may be educated.

Addition:
This could also be a problem with any other device that is connected to your network. A TV, DVD Player, Blu-Ray Player, Wii, xBox, etc. Many of them run auto updaters that may be in constant contact with a server AND many of them run Java OS's so they are perfectly able to be infected with malware.

Also, if you have wireless in the building, it could be someone else connected to your network despite any security you have in place. If the desire is strong enough, any wireless connection can be hacked.

Know the answer? Login or sign up for an account to answer this question.
Sign Up