
billyboy

Original poster
The application "stroke" wants to connect to cable48a015.usuarios.retecal.es on TCP port 3267 (ibm-dial-out)

Got the above message on Little Snitch. I googled it and all I understand is that it is not a trojan or virus, which is not much help.

I admit I have little to no knowledge of ports beyond the basics for sending and receiving mail, but I am willing to learn. This may be nothing, or could it be the ISP going about their business as usual or is someone on my block being a naughty bar steward?

thanks
 
Sounds fishy to me. Have you installed an application called stroke? Why is it trying to connect to a host whose name looks like a cable modem?
 
robbieduncan said:
Sounds fishy to me. Have you installed an application called stroke? Why is it trying to connect to a host whose name looks like a cable modem?

I haven't installed stroke, no. The host is the name of someone on my retecal (ISP) network, i.e. either it is my ISP or perhaps a neighbour has tried to do something?
 
The port is what it says, according to the assigned port numbers:

3267 tcp ibm-dial-out IBM Dial Out
3267 udp ibm-dial-out IBM Dial Out

but I can't find any relevant information on what it is for -- and no combinations of "stroke" and the port number show up in Google.

I would ask your ISP whether this is anything they use, or if they can identify the target machine.
 
CanadaRAM said:
The port is what it says, according to the assigned port numbers:

3267 tcp ibm-dial-out IBM Dial Out
3267 udp ibm-dial-out IBM Dial Out

but I can't find any relevant information on what it is for -- and no combinations of "stroke" and the port number show up in Google.

...

And I caught this message too

The application "configd" wants to connect to cable48a015.usuarios.retecal.es on UDP port 67 (bootps)

This is what I found but don't know what it means really.

Port Number: 67
TCP / UDP: UDP
Delivery: No
Protocol / Name: bootps
Port Description: Bootstrap Protocol Server. Listening port on bootp & DHCP servers. Clients broadcast to it for boot or network parameters. Security Concern: Can probe NIS domain name, plus a valued DOS target.
Virus / Trojan: No

Side note: UDP port 67 uses the Datagram Protocol, a communications protocol for the Internet network layer, transport layer, and session layer. This protocol when used over PORT 67 makes possible the transmission of a datagram message from one computer to an application running in another computer. Like TCP (Transmission Control Protocol), UDP is used with IP (the Internet Protocol) but unlike TCP on Port 67, UDP Port 67 is connectionless and does not guarantee reliable communication; it's up to the application that received the message on Port 67 to process any errors and verify correct delivery.

Can someone make sense of this?
 
yellow said:
UDP ports 67 and 68 are used to request and receive IP addresses via DHCP.

thanks, so what is the connection with the two messages and the cable at retecal address?
 
billyboy said:
thanks, so what is the connection with the two messages and the cable at retecal address?

No clue. All I can tell you is that outgoing connection requests to UDP 67 are probably benign.
 
generik said:
Do you have a P2P application running?

What's 'stroke' btw? :confused:

no, I am running firefox, mail, a programme called filechute that is set to upload files to my .mac homepage, network utility, iTunes, preview, word, console, photoshop and textedit.

I not long ago had a message from Little Snitch saying firefox-bin was going to www.paypal.com - I certainly hadn't opened the webpage. No idea what this means. Something, nothing? I sent this info to paypal just in case!

thanks for taking an interest btw - more than the Apple discussions can say for themselves so far.

As for stroke - I don't know what it is. Is it a name of a UNIX utility maybe?
 
billyboy said:
As for stroke - I don't know what it is. Is it a name of a UNIX utility maybe?

Nope. Not one I've ever heard of.

Maybe you should give us the results of this from the Terminal:

sudo find / -name "stroke"

EDIT: Actually, I'm wrong. I was doing this myself and look what I found:

Code:
yellow% sudo find / -name "stroke"
/Applications/Utilities/Network Utility.app/Contents/Resources/stroke

So apparently it's part of the Network Utility app. Were you using that at the time? And now that I think about it, stroke might be used in port scanning or in keeping a connection alive, like an FTP connection. Stroking, if you will..

Again, that's just a guess. But "stroke" might be benign as well.
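The triage worked out in the post above (take the program name from the firewall prompt, find the file on disk, see which application ships it), as an added example that is not part of the original thread. The function names and default search roots are assumptions of this sketch; `codesign` and `lsof` are used only if present.

```shell
#!/bin/sh
# Added example: triage a Little Snitch style prompt from the shell.
# Function names and default search roots are assumptions of this example.

# Split 'The application "X" wants to connect to HOST on TCP|UDP port N (...)'
# into "app|host|proto|port". Prints nothing if the text does not match.
parse_alert() {
  printf '%s\n' "$1" | sed -n -E \
    's/^The application "([^"]+)" wants to connect to ([^ ]+) on (TCP|UDP) port ([0-9]+).*$/\1|\2|\3|\4/p'
}

# Print the outermost .app bundle that contains a path; fail if there is none.
owning_bundle() {
  case $1 in
    *.app/*) printf '%s\n' "${1%%.app/*}.app" ;;
    *) return 1 ;;
  esac
}

# List regular files called NAME under the given roots (unreadable dirs skipped).
find_named() {
  name=$1; shift
  find "$@" -type f -name "$name" 2>/dev/null || true
}

# Report every on-disk candidate for the program named in an alert.
triage() {
  fields=$(parse_alert "$1")
  [ -n "$fields" ] || { echo "unrecognised alert text" >&2; return 1; }
  app=${fields%%|*}
  echo "alert: $fields"
  find_named "$app" /Applications /System /usr /bin /sbin | while IFS= read -r p; do
    bundle=$(owning_bundle "$p") || bundle="(not inside an app bundle)"
    echo "binary: $p"
    echo "  shipped in: $bundle"
    # macOS only: check the code signature of the candidate binary.
    if command -v codesign >/dev/null 2>&1; then
      codesign --verify --verbose "$p" 2>&1 | sed 's/^/  codesign: /'
    fi
  done
  # Show sockets the named process currently holds, if lsof is available.
  if command -v lsof >/dev/null 2>&1; then
    lsof -nP -a -c "$app" -i 2>/dev/null || true
  fi
}

if [ $# -gt 0 ]; then triage "$1"; fi
```

Run it with the full prompt text as a single quoted argument; a name that turns up outside any app bundle or system directory is the case worth a closer look.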
 
yellow said:
So apparently it's part of the Network Utility app. Were you using that at the time? And now that I think about it, stroke might be used in port scanning or in keeping a connection alive, like an FTP connection. Stroking, if you will..

Again, that's just a guess. But "stroke" might be benign as well.

Good deduction! With a clue about Network Utility in the mix, Google turned up this article: http://www.macgeekery.com/hacks/software/antisocial_portscanning

A benign utility that could be used for sinister purposes. I am going to ask my ISP what or who that cable modem address is, and perhaps that will solve this question for good. Thanks for your help and if I hear anything, or lose all my data or passwords I will report back.
 