Author Topic: Net Security - What is TCP 2703 port for? (Read 18922 times)

sarraceno · « **on:** February 26, 2015, 07:34:06 pm »

Hi!

Currently migrated my "home play ground IT" from Zentyal 2.2 into 4.0, also a new firewall, Sophos UTM Home Edition.

Grate things until I do discover lots of communications Droped to IPs 208.83.137.118 and 208.83.139.205 for TCP 2703 port.

What's this IP and port for?

Any one knows?

Thanks for your attention!
My best regards!
Sarraceno

half_life · « **Reply #1 on:** March 01, 2015, 10:32:23 pm »

Not sure what you are facing but whenever you have a doubt

Run:

lsof |grep :<my-questionable-port>

on the server in question. So in this case:

lsof |grep :2703

It is worth noting that ports that have assigned applications (ssh, mysql, etc) will show up as that name instead of the number.

Also worth noting is how to see what ports are being "listened" on ie what services are connected to what port.

Run:

netstat -plant

Hope this is useful

-Denny

sarraceno · « **Reply #2 on:** March 03, 2015, 12:15:57 am »

Hi!

Nothing found,

root@xxxx:~# apt-get install lsof | grep :2703 root@xxxx:~# netstat -plant Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:88 0.0.0.0:* LISTEN 29298/samba tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 16122/master tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 9637/named tcp 0 0 0.0.0.0:33529 0.0.0.0:* LISTEN 1149/beam.smp tcp 0 0 0.0.0.0:538 0.0.0.0:* LISTEN 1000/gdomap tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 17013/apache2 tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 3210/nginx.conf tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN 29296/samba tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 29300/smbd tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN 16143/dovecot tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 25048/sogod tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 29293/samba tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 16143/dovecot tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 16143/dovecot tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 29296/samba tcp 0 0 0.0.0.0:3269 0.0.0.0:* LISTEN 29296/samba tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 29296/samba tcp 0 0 0.0.0.0:135 0.0.0.0:* LISTEN 29293/samba tcp 0 0 127.0.0.1:5000 0.0.0.0:* LISTEN 16707/python tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 3324/amavisd-new (m tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 16122/master tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 934/mysqld tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 16122/master tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 29300/smbd tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1384/redis-server 1 tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1006/memcached tcp 0 0 127.0.0.1:6380 0.0.0.0:* LISTEN 1415/redis-server 1 tcp 0 0 127.0.0.1:143 0.0.0.0:* LISTEN 16143/dovecot tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 17013/apache2 tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 29298/samba tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 16122/master tcp 0 0 10.10.1.1:53 0.0.0.0:* LISTEN 9637/named tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 9637/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 9637/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 877/sshd tcp 1 0 127.0.0.1:55315 127.0.0.1:20000 CLOSE_WAIT 25450/apache2 tcp 0 0 10.10.1.1:22 10.10.1.4:55508 ESTABLISHED 19672/sshd: user [p tcp 0 0 127.0.0.1:11211 127.0.0.1:44658 ESTABLISHED 1006/memcached tcp 0 0 127.0.0.1:34634 127.0.1.1:3268 ESTABLISHED 29346/sssd_be tcp 0 0 127.0.1.1:389 127.0.0.1:57843 ESTABLISHED 29296/samba tcp 0 0 127.0.0.1:11211 127.0.0.1:39937 ESTABLISHED 1006/memcached tcp 1 0 127.0.0.1:50240 127.0.0.1:389 CLOSE_WAIT 23256/amavisd-new ( tcp 1 0 127.0.0.1:55296 127.0.0.1:20000 CLOSE_WAIT 25451/apache2 tcp 0 0 127.0.0.1:44658 127.0.0.1:11211 ESTABLISHED 25061/sogod tcp 0 0 127.0.0.1:39932 127.0.0.1:11211 ESTABLISHED 16731/ocnotificatio tcp 0 0 127.0.0.1:39937 127.0.0.1:11211 ESTABLISHED 16707/python tcp 0 0 127.0.1.1:3268 127.0.0.1:34634 ESTABLISHED 29296/samba tcp 0 0 127.0.0.1:11211 127.0.0.1:39932 ESTABLISHED 1006/memcached tcp 0 0 127.0.0.1:43481 127.0.0.1:11211 ESTABLISHED 25063/sogod tcp 0 0 127.0.0.1:47260 127.0.0.1:5672 ESTABLISHED 16731/ocnotificatio tcp 0 0 127.0.0.1:43104 127.0.0.1:4369 ESTABLISHED 1149/beam.smp tcp 0 0 127.0.0.1:57843 127.0.1.1:389 ESTABLISHED 29346/sssd_be tcp 0 0 127.0.0.1:50246 127.0.0.1:389 ESTABLISHED 23894/amavisd-new ( tcp 0 0 127.0.0.1:389 127.0.0.1:50246 ESTABLISHED 29296/samba tcp 0 0 127.0.0.1:11211 127.0.0.1:43481 ESTABLISHED 1006/memcached tcp 1 0 127.0.0.1:55292 127.0.0.1:20000 CLOSE_WAIT 25451/apache2 tcp6 0 0 :::88 :::* LISTEN 29298/samba tcp6 0 0 :::25 :::* LISTEN 16122/master tcp6 0 0 :::636 :::* LISTEN 29296/samba tcp6 0 0 :::445 :::* LISTEN 29300/smbd tcp6 0 0 :::4190 :::* LISTEN 16143/dovecot tcp6 0 0 :::1024 :::* LISTEN 29293/samba tcp6 0 0 :::995 :::* LISTEN 16143/dovecot tcp6 0 0 :::3268 :::* LISTEN 29296/samba tcp6 0 0 :::3269 :::* LISTEN 29296/samba tcp6 0 0 :::389 :::* LISTEN 29296/samba tcp6 0 0 :::135 :::* LISTEN 29293/samba tcp6 0 0 :::5672 :::* LISTEN 1149/beam.smp tcp6 0 0 :::587 :::* LISTEN 16122/master tcp6 0 0 :::139 :::* LISTEN 29300/smbd tcp6 0 0 :::464 :::* LISTEN 29298/samba tcp6 0 0 :::465 :::* LISTEN 16122/master tcp6 0 0 :::4369 :::* LISTEN 1044/epmd tcp6 0 0 :::22 :::* LISTEN 877/sshd tcp6 0 0 127.0.0.1:5672 127.0.0.1:47260 ESTABLISHED 1149/beam.smp tcp6 0 0 127.0.0.1:4369 127.0.0.1:43104 ESTABLISHED 1044/epmd root@xxxx:~# netstat -plant | grep 2703 root@xxxx:~#

Detailing, usually I get lines like this on Sophos Network Protection log:
... Default DROP TCP 10.10.1.1 : 50263 → 208.83.137.118 : 2703 [SYN] len=60 ttl=63 tos=0x00 srcmac=52:5... ... Default DROP TCP 10.10.1.1 : 39206 → 208.83.139.205 : 2703 [SYN] len=60 ttl=63 tos=0x00 srcmac=52:5...

So, mainly this two IPs 208.83.137.118, 208.83.139.205 as destinations, not remember others.
Doing a regular WHOIS IP, seems like this IPs are for some security company, but I'm not confident with that, since no general availability for general reference for it and neither for any protocol or system related to.

Also it appears when a mail is being delivered on any direction...
I did noticed this relation to mail service since my dyndns domain was down couple of days per migration and thousands of mails from a couple of open source dev mail lists, after that the rate dropped, but if I send or receive a mail per test or coincidence...

I may being losing some functionality here... but what functionality for which any one should relay on?

Thanks!
Tomás

robb · « **Reply #3 on:** March 03, 2015, 10:50:07 am »

Details of 208.83.137.118
IP Address : 208.83.137.118
Location : United States (95% accuracy)
Host Name : d302.cloudmark.com

Details of 208.83.139.205
IP Address : 208.83.139.205
Location : United States (95% accuracy)
Host Name : d303.cloudmark.com

As far as I can see cloudmark offers antispam and other security services.

/edit nm, you figured that out yourself... I should read the whole post next time...

sarraceno · « **Reply #4 on:** March 03, 2015, 06:50:10 pm »

Not so... figured out but the problem is the big sellers do not tell a thing for this IPs...

Is cloudmark reliable?
Is cloudmark to little?

Also the anti-spam common software providers do not refer, also by gougle I just found cloudmark itself, no reference from others that seemed to me relevant...

Thanks!

Cookies usage

Author Topic: Net Security - What is TCP 2703 port for? (Read 18922 times)

sarraceno

Net Security - What is TCP 2703 port for?

half_life

Re: Net Security - What is TCP 2703 port for?

sarraceno

Re: Net Security - What is TCP 2703 port for?

robb

Re: Net Security - What is TCP 2703 port for?

sarraceno

Re: Net Security - What is TCP 2703 port for?