Weird hits on port 2703


I'm getting these periodical console messages on my Mac:

7/22/11 8:01:03.925 AM Firewall: Stealth Mode connection attempt to UDP 10.0.0.1:2703 from 91.143.232.133:15881
7/22/11 8:01:05.885 AM Firewall: Stealth Mode connection attempt to UDP 10.0.0.1:2703 from 91.143.232.133:15881
7/22/11 8:01:09.926 AM Firewall: Stealth Mode connection attempt to UDP 10.0.0.1:2703 from 91.143.232.133:15881

Ran whois 91.143.232.133 and got:

inetnum:        91.143.232.128 - 91.143.232.143
netname:        CVIDIA
descr:          CVIDIA  ltd
country:        il
admin-c:        OH341-RIPE
tech-c:         OH341-RIPE
status:         ASSIGNED PA
mnt-by:         QOS-ISP-MNT
source:         RIPE # Filtered

Checked where the IP leads to, it leads here: https://91.143.232.133/Login/Login

I've read that port 2703 is used for SMS chat, but also might be used by a trojan.

Should I be worried?

Best Answer

  • Short answer:

    It's very unlikely that this poses a threat to your machine.

    Long answer:

    Unless you have a program running on your machine that is receiving the packets [typically called a daemon], the system won't be affected. It might be a good idea to do a UDP port scan with a program like Nmap to figure out whether that port is open.

    Since this is UDP [known colloquially as the "Unimportant Data Protocol"], which requires that the program on the receiving end initiate an outgoing connection in order for the sender to have ANY idea if it's getting through, this probably isn't a probe attempt. Most network scanners use TCP SYN packets to scan if a port is open or not. Chances are that this is just a matter of 91.143.232.133 just sending its packets to the wrong host. Maybe the remote host is just spewing out UDP packets to port 2703 of every host on the Internet.

    If you're really concerned, you can set your firewall to block all packets from that host, or close the port off completely if you're not using it.

    I used to get really concerned when I'd get log messages saying that unsolicited packets were arriving on closed ports, but it never amounted to anything. Now I don't even look at the messages.
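
A way to triage entries like the ones in the question, as an added example that is not part of the original question or answer: it parses the Console lines and groups them by source address, so one flow being retried can be told apart from a source touching many ports. The function names, the labels and the 10-port threshold are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Constructed sample: the three Console lines quoted in the question.
SAMPLE_LOG = """\
7/22/11 8:01:03.925 AM Firewall: Stealth Mode connection attempt to UDP 10.0.0.1:2703 from 91.143.232.133:15881
7/22/11 8:01:05.885 AM Firewall: Stealth Mode connection attempt to UDP 10.0.0.1:2703 from 91.143.232.133:15881
7/22/11 8:01:09.926 AM Firewall: Stealth Mode connection attempt to UDP 10.0.0.1:2703 from 91.143.232.133:15881
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2}:\d{2}\.\d{3} [AP]M) Firewall: "
    r"Stealth Mode connection attempt to (?P<proto>TCP|UDP) "
    r"[\d.]+:(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)\s*$"
)

SWEEP_THRESHOLD = 10  # assumption: distinct destination ports that count as a sweep


def summarize(log_text):
    """Group stealth-mode drops by source IP (IPv4 lines only)."""
    by_src = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # some other Console message
        ts = datetime.strptime(m["ts"], "%m/%d/%y %I:%M:%S.%f %p")
        s = by_src.setdefault(m["src"], {"count": 0, "first": ts, "last": ts,
                                         "dst_ports": set(), "src_ports": set()})
        s["count"] += 1
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
        s["dst_ports"].add((m["proto"], int(m["dport"])))
        s["src_ports"].add(int(m["sport"]))
    return by_src


def classify(s):
    """Heuristic labels (assumptions of this example, not firewall output)."""
    if len(s["dst_ports"]) >= SWEEP_THRESHOLD:
        return "port-sweep"          # one source walking many ports
    if len(s["dst_ports"]) == 1 and len(s["src_ports"]) == 1:
        return "single-flow-retry"   # same ports resent, as in the question
    return "scattered"


if __name__ == "__main__":
    for src, s in summarize(SAMPLE_LOG).items():
        span = (s["last"] - s["first"]).total_seconds()
        print(src, classify(s), s["count"], "hits in", span, "s", sorted(s["dst_ports"]))
```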
