Unknown UPnP Entries

0

Was checking out my firewall, on which I usually have UPnP disabled, but turned it on as a debugging step for an issue I was having.

I just noticed three ports registered that I am unsure where they came from.

1    52 DNAT       tcp  --  *      *       0.0.0.0/0            <wanip>      tcp dpt:6524 to:<mylaptop>:6524
1    47 DNAT       udp  --  *      *       0.0.0.0/0            <wanip>      udp dpt:6524 to:<mylaptop>:6524
26  1400 DNAT       tcp  --  *      *       0.0.0.0/0            <wanip>      tcp dpt:8156 to:<mylaptop>:8156
203 19123 DNAT       udp  --  *      *       0.0.0.0/0            <wanip>      udp dpt:8156 to:<mylaptop>:8156
1    52 DNAT       tcp  --  *      *       0.0.0.0/0            <wanip>      tcp dpt:8011 to:<mylaptop>:8011
3   160 DNAT       udp  --  *      *       0.0.0.0/0            <wanip>      udp dpt:8011 to:<mylaptop>:8011

In Googling, I have found that ports 8156 and 8011 are known to come from a service known as EMC2 (Legato) Networker or Sun Solstice Backup (Official); I have never heard of this.

What might be on my system that is opening up these holes in my network?

Matt Clark

Posted 2015-10-13T15:44:09.867

Reputation: 1 819

Those ports could belong to any software you have installed. So have you verified that the software you do have running does not use those ports? – Ramhound – 2015-10-13T15:56:48.837

That is what I am trying to figure out. I have not knowingly installed anything that should be binding or UPnPing these ports. Spyware? – Matt Clark – 2015-10-13T15:58:12.950

The machine to which these entries point is running Windows 8.0; how can I search the Windows Firewall for specific ports? – Matt Clark – 2015-10-13T16:00:16.820

It's possible. We can't tell you. I mean right now 0.0.0.0 means that traffic sent to/from that port is going to every address on the network. Use other relevant software to determine what process is sending said traffic. – Ramhound – 2015-10-13T16:02:52.340

False, the 0.0.0.0 means any source, with a destination of my WAN IP, is being forwarded to that IP. – Matt Clark – 2015-10-13T16:08:17.120

Go to your Windows 8 computer, open Resource Monitor, and look under the Network tab to see what program is using those ports. – qasdfdsaq – 2015-10-13T16:51:48.070
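A command-line equivalent of the Resource Monitor check, added here as an example and not posted by anyone in this thread: it filters `netstat -ano` output on the laptop for the three forwarded ports from the DNAT rules and resolves each owning PID to a process name and path. The variable names are illustrative.

```powershell
# Added example, not from the thread.
# Ports are the ones in the DNAT rules shown in the question.
$ports = 6524, 8156, 8011

$hits = netstat -ano | ForEach-Object {
    # Typical rows:  TCP  0.0.0.0:8156  0.0.0.0:0  LISTENING  1234
    #                UDP  0.0.0.0:8156  *:*                   1234
    $f = $_.Trim() -split '\s+'
    if ($f.Count -lt 4 -or $f[0] -notmatch '^(TCP|UDP)$') { return }

    # Local address is "ip:port" or "[ipv6]:port"; keep what follows the last colon.
    $localPort = [int]($f[1] -replace '^.*:', '')
    if ($ports -notcontains $localPort) { return }

    # The last column is the owning process ID.
    $ownerId = [int]$f[-1]
    $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Proto   = $f[0]
        Local   = $f[1]
        State   = if ($f.Count -ge 5) { $f[3] } else { '' }   # UDP rows have no state
        PID     = $ownerId
        Process = if ($proc) { $proc.ProcessName } else { '<exited>' }
        Path    = if ($proc) { $proc.Path } else { $null }
    }
}

if ($hits) {
    $hits | Sort-Object PID, Proto | Format-Table -AutoSize
} else {
    "Nothing is currently bound to ports $($ports -join ', ')."
}
```

Run it from an elevated prompt so the path is filled in for processes owned by other accounts. An empty result does not rule the laptop out: the program that requested the mapping may have exited while the router still holds the entry.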

No answers