This forum is in permanent archive mode. Our new active community can be found here.

What program uses port 64197

edited February 2008 in Technology
...cause I've got a whole mess of people hitting port 64197 on my router and I'm confused.


  • It could be anything.
  • I'd normally dismiss such a thing, but like 30-40 different people are hitting me on that port. That's only in the last 50 entries which covers about half an hour, and these hits just keep coming.
  • That's an ephemeral port. There is absolutely no regulation or reason to connections in that range, and no legitimate application will ever use it as a dedicated receiving port.

    Most likely, some malware uses it to set up its evil, and trowelers are hitting it looking for active infections. Luckily, this will not affect you in any way unless you are infected and your router/NAT is open.

    If you have a sophisticated firewall, block non-established connections to that port and be done with it. Do NOT block established connections, and DEFINITELY do not block all connections.
  • edited March 2008
    I run a pfsense firewall/router: it blocks every incoming, non-established connection by default. It's just the shear number of different IPs that were hitting it that worried me. Must be some random windows vulnerability or something. Maybe later if the hits keep coming I'll boot a ubuntu livecd, load wire shark, and plug it into the cable modem to see what it all is.
    Post edited by Rym on
  • edited February 2008
    I think hat port is commonly used by Gnutella.
    Post edited by Omnutia on
  • edited March 2008
    If it were me, I would check my Bit torrent, Gnutella, or any other app that may be using an open port. If nothing uses that port, just block it with a router.
    Post edited by Rym on
  • joe_momma.exe
  • My fault, I'm doing my school work and forums at the same time.
Sign In or Register to comment.