0
Was checkout out my Firewall on which I usually have UPnP disabled, but turned it on as a debugging step for an issue I was having.
I just noticed three ports registered that I am unsure where they came from.
1 52 DNAT tcp -- * * 0.0.0.0/0 <wanip> tcp dpt:6524 to:<mylaptop>:6524
1 47 DNAT udp -- * * 0.0.0.0/0 <wanip> udp dpt:6524 to:<mylaptop>:6524
26 1400 DNAT tcp -- * * 0.0.0.0/0 <wanip> tcp dpt:8156 to:<mylaptop>:8156
203 19123 DNAT udp -- * * 0.0.0.0/0 <wanip> udp dpt:8156 to:<mylaptop>:8156
1 52 DNAT tcp -- * * 0.0.0.0/0 <wanip> tcp dpt:8011 to:<mylaptop>:8011
3 160 DNAT udp -- * * 0.0.0.0/0 <wanip> udp dpt:8011 to:<mylaptop>:8011
In Googling, I have found that ports 8156 and 8011 are known to come from a service known as EMC2 (Legato) Networker or Sun Solcitice Backup (Official)
; I have never hard of this.
What might be on my system that is opening up these holes in my network?
Those ports could belong to any software you have installed. So have verified what software you do have running does not use those ports? – Ramhound – 2015-10-13T15:56:48.837
That is what I am trying to figure out. I have not knowingly installed anything that should be binding or UPnPing these ports. Spyware? – Matt Clark – 2015-10-13T15:58:12.950
The machine to which these entries point is running Windows 8.0, how can I search the windows firewall for specific ports? – Matt Clark – 2015-10-13T16:00:16.820
Its possible. We can't tell you. I mean right now 0.0.0.0 means that traffic sent/from to that port is going to every address on the network. Use other relevant software to determine what process is sending said traffic. – Ramhound – 2015-10-13T16:02:52.340
False, the 0.0.0.0 means any source, with a destination of my WAN IP, is being forwarded to that IP. – Matt Clark – 2015-10-13T16:08:17.120
Go to your Windows 8 computer, open Resource Monitor, and look under the Network tab to see what program is using those ports. – qasdfdsaq – 2015-10-13T16:51:48.070