Odd port 46253 activity getting through the firewall

By Posted on

Problem :

I’ve been reviewing the log file for my personal router/firewall WGR614v9 and, though I have 8 active hosts on the network, I keep seeing connections to port 46253 to one of the Windows7 hosts at 192.168.1.20. The router/firewall doesn’t have any ports open explicitly and there is no port forwarding. Furthermore, there is Kaspersky installed with pretty much everything blocked off on the host itself. This keeps happening even when the host is not running anything.

Any ideas what this might be?

[LAN access from remote] from 117.74.45.193:51472 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:32
[LAN access from remote] from 71.60.6.115:18690 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:31
[LAN access from remote] from 75.186.62.234:24559 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:31
[LAN access from remote] from 87.15.197.156:25019 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:30
[LAN access from remote] from 122.251.194.120:44058 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:30
[LAN access from remote] from 114.187.240.84:19878 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:30
[LAN access from remote] from 81.108.216.247:34657 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:28
[LAN access from remote] from 114.157.46.38:35605 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:27
[LAN access from remote] from 92.147.37.150:53350 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:26
[LAN access from remote] from 117.213.38.207:27584 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:24
[LAN access from remote] from 189.103.190.79:18095 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:22
[LAN access from remote] from 88.4.127.42:4242 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:21
[LAN access from remote] from 122.106.187.4:14739 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:21
[LAN access from remote] from 114.77.140.67:42347 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:19
[LAN access from remote] from 217.79.83.130:8281 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:11
[LAN access from remote] from 111.250.207.63:15263 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:09
[LAN access from remote] from 88.167.109.100:51413 to 192.168.1.20:46253 Saturday, Sep 03,2011 23:00:08

I’ve installed Wireshark on the host and see “Destination unreachable” responses by the host to the port 46253 UDP requests…

What I also don’t get is why these requests make it past the router/firewall in the first place!

Solution :

Try running netstat -b to see which executable is listening on those ports. It’s possible it’s an updater for one of your bits of installed software that Kaspersky has recognized as valid.

Leave a Reply

Your email address will not be published. Required fields are marked *