Mysterious Port Forwarding Entries - Valid or Rogue Software?

By dms936 ·
I found the following ports had been added to my small business' router port forwarding section today. Are these valid ports or have we been hacked by some software?

RTSP_841653 on 2688-2689 pointing to .106
SP_640349 on 2972-2973 pointing to .106

.106 is the wireless connection to a laptop computer in the office

Hijackthis and Norton haven't found anything running on the machine.

One google result I found (the only one) had a link to something about Squid Server - something I had heard of before from the owner of the company when talking about his "dream" of blocking all internet sites except the ones he designates (our vendors)

I'm the IT guy, but if he installed this software it might be done without my involvement as only he wants to have the ability to allow/disallow sites.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

at the least..

by computechdan In reply to Mysterious Port Forwardin ...

i would record and remove the entries

change routers password

examine router logs

rtps could refer to real time streaming protocol

the ports u mention are known to be used by wireshark

Collapse -

well.. you could always disable the port forwarding

by CG IT In reply to Mysterious Port Forwardin ...

see what breaks.

RTSP is streaming media protocol "Real Time Streaming Protocol".

TCP port 2973 is assigned to SV Networks
TCP port 2972 is PMSM web control.

question what computer has the address XXX.XXX.XXX.106?

Related Discussions

Related Forums