Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: port 56398

port 56398 15 years 2 months ago #1582

Hi everyone,
Are there any known attacks utilizing port 56398?

Re: port 56398 15 years 2 months ago #1583

  • tfs
  • tfs's Avatar
  • Offline
  • Expert Member
  • Expert Member
  • Posts: 521
  • Thank you received: 0
Haven't seen one. Symantec doesn't have anything on that port.

What makes you think there might be one?


Re: port 56398 15 years 2 months ago #1584

I had about 200 addresses trying to enter my firewall on that port, they were denied and logged......

Re: port 56398 15 years 2 months ago #1598

Could you be more specific about the attempt, was it TCP or UDP, what was the source port ? Were all the IP's in a particular range or netblock (you can check with whois). Did it happen in one large flood or was it interspersed traffic

Hmm after a little basic research I found some software (?) that is used for equity share analysis that uses UDP 56389.. go to im posting something from their page

Continuum Ping or "Echo"

ContinuumClient sends and receives UDP ping packets to our servers on port 56398 or lower. Every new instance of ContinuumClient (created by other applications connecting to QFeed) will attempt to open port 56398 to send and receive listen for pings. If it can't, it listens on 56397, etc. This prevents ping collisions on that port. If this port is not open, the "echo" statistic reported in the ContinuumClient.ini file will be 65534 - the max reading - indicating it cannot reach that server on a ping.

I don't see why you should get those requests as it says 'to our servers'.. but its the only worthwhile thing that I can think of.. I personally know of know backdoors or trojans that use it. What machines were they trying to connect to ? Scan your internal network to see if any daemons are listening on that port, don't forget to UDP scan too.. you can use Nmap

I really can't figure why you'd get so many requests.. I'm watching my firewall logs and haven't seen any of that kind of traffic.
I recommend you go here :
and submit your firewall logs, if they haven't seen that activity then I really don't think you need to worry about it. If the traffic gets annoying and is in the same netblock then just email the abuse address from whois or the technical contact and tell them to sort it out or you'll be pissed off ;)

btw you could post a couple of entries here for analysis, may I suggest you post it as follows :

1. log entries when it starts including the last few entries before it
2. log entries in the middle of the attempts
3. log entries after it stops including some followup traffic.

If the destination IP is public you might want to sanitize the log details before posting -- it may sound paranoid, but would you post your home address here ;)

Frankly, I don't think you need to be bothered about it.


Sahir Hidayatullah. Staff - Associate Editor & Security Advisor

Re: port 56398 15 years 2 months ago #1600

Oh yeah just as an add-on at you can type in a few of those IPs, it searches the complete database to see if they've been reported as attacking IPs.
Sahir Hidayatullah. Staff - Associate Editor & Security Advisor

Re: port 56398 15 years 2 months ago #1627

it is UDP port 56398. Have traced it back to lycos but still have no idea what is going on. The firewall was active for 2 hours trying to process the requests (denying them)
  • Page:
  • 1
  • 2
Time to create page: 0.187 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup