Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

jason.grover

11 Posts

4935

December 22nd, 2008 11:00

Router blasted with port 61849 requests

I've recently started reviewing my networking logs from my router and I've found it's just buried with these entries, like thousands per hour.

 

I've done some searching and I can't find anything specific to port 61849. The good news is, my router seems to be doing it's job by blocking all these port requests, but I'm wondering if anyone has any idea of what it could be. The source IP's are all over the map.

 

Any suggestions on how to track down the source application(s) and/or stop these requests?

[INFO] Mon Dec 22 10:45:10 2008 Blocked incoming TCP connection request from 69.129.127.159:60663 to 98.232.xxx.xxx:61849
[INFO] Mon Dec 22 10:45:10 2008 Blocked incoming TCP connection request from 82.199.109.118:4775 to 98.232.xxx.xxx:61849
[INFO] Mon Dec 22 10:45:10 2008 Blocked incoming TCP connection request from 87.227.6.182:53366 to 98.232.xxx.xxx:61849
[INFO] Mon Dec 22 10:45:08 2008 Blocked incoming TCP connection request from 99.20.39.181:55708 to 98.232.xxx.xxx:61849
[INFO] Mon Dec 22 10:45:08 2008 Blocked incoming TCP connection request from 24.150.139.246:60563 to 98.232.xxx.xxx:61849

Sorry if this is taboo - not exactly Dell related, except my wife has a 1525 and I a Studio 17. :)



Thanks you guys!

jason.grover

11 Posts

December 22nd, 2008 15:00

Thanks for looking those up, dgkpcon.

 

Turns out it was a bit torrent client running on one of our machines and those were failed attempts to connect. That port was the randomly selected port in the client...  I had just installed it the other day when getting a linux distro and forgot about it while it was seeding. 

 

Nothing like spinning my own wheels!

 

Jason

 

 

 

 

dgkpcon

3.6K Posts

December 22nd, 2008 15:00

The first packet came from Madison.

Second packet came from Moskva,Russia.

Third packet came from Stockholm.

Fourth packet came from Houston TX.

Fifth packet came from Burlington,just below Toronto Canada.

I have Mcafee Toatal Protection and the one advantage of this is,it lets you trace the I.P address and source.

Larry R

2 Intern

 • 

1.7K Posts

December 26th, 2008 10:00

To me that looks like an attempt to get into the machine using a known vulnerability or infection.  More than likely its not aimed specifically at your computer, but is instead infected machines "looking" for systems to get into.  As you say, it looks like the firewall is doing its job.

[edit] Ah, I didn't even think about p2p software. That would definitely account for it as well.

Was this post helpful?

View All

Top