Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Eleventeen]

Hi all! I'm not sure if this is the right place to post this, but earlier tonight I noticed over 100 connections from my wirelessly-connected PC to my router's IP address, destination port 4444. Is this normal, or could it be some kind of misconfiguration? At the moment, there are no connections to port 4444 in my PC's firewall connection list. Why would my PC connect to the router on port 4444?

I've scanned my PC for viruses/malware and it's come up clean, so I was wondering if this could be caused by my router? Google doesn't have any answers to this either and I was hoping someone her could help me out.

My firmware version is 1.34 if that helps at all. Thanks for any advice you guys can give!

[FurryNutz]

Where are you seeing these connections? Routers logs?
If the router is seeing odd connection and your not seeing any issues on your PC, might be that the router is doing it's job by blocking those things that don't need to be coming from the WAN side to the LAN side.
What ISP Service do you have? Cable or DSL?
What ISP Modem do you have? Stand Alone or built in router?

[marmoduke]

Refer to this URL:

You may have a problem.

http://www.speedguide.net/port.php?port=4444

[Eleventeen]

I saw the connections last night in Comodo firewall's active connections list. The connections were from my PC directly to my router, the dlink DIR 655, on port 4444. I have a cable connection (Charter) and a Motorola Surfboard modem I bought a few months ago. I'm not seeing any odd incoming requests in either the router logs or my firewall logs.

I've scanned using Avast and MBAM, so I don't think it's a malware issue - either/both of my security apps would have picked the malware listed on the SG page, right?

So far, I'm not seeing any requests going to port 4444; nothing listening on odd port numbers, and no indication I'm infected. I'd still love to know why all those connections were made to my router, though, any ideas? Thanks guys!

[FurryNutz]

I saw the connections last night in Comodo firewall's active connections list. The connections were from my PC directly to my router, the dlink DIR 655, on port 4444. I have a cable connection (Charter) and a Motorola Surfboard modem I bought a few months ago. I'm not seeing any odd incoming requests in either the router logs or my firewall logs.
If your saying that the connections were from your PC to the router, this would indicate that the problem might be on your PC.

I've scanned using Avast and MBAM, so I don't think it's a malware issue - either/both of my security apps would have picked the malware listed on the SG page, right?

So far, I'm not seeing any requests going to port 4444; nothing listening on odd port numbers, and no indication I'm infected. I'd still love to know why all those connections were made to my router, though, any ideas? Thanks guys!

[Eleventeen]

Do you have any idea what it might be, or where I should start looking?

I noticed that Google Chrome was updated right around the same time this happened - could that be it?

[davevt31]

Make sure you do a Malware scan while in Safe Mode, some of these newer baddies can hide themselves pretty good.

[marmoduke]

Personally, I consider Google Chrome itself as Malware.  It has a way of using it's own routing and in some cases bypassing your Router Security settings.



EVERYONE also should have packet exchanges (incoming and outgoing)  blocked to Google-Analytics in your site list.
That is Google evesdropping and harvesting everything on your computer for sale.

[FurryNutz]

Is this your only PC or are there others?

Does this seem to happen if you are using Chrome?
How about using a different browser? Like Opera, or FF? Same thing?

[FurryNutz]

Personally, I consider Google Chrome itself as Malware.  It has a way of using it's own routing and in some cases bypassing your Router Security settings.



EVERYONE also should have packet exchanges (incoming and outgoing)  blocked to Google-Analytics in your site list.
That is Google evesdropping and harvesting everything on your computer for sale.
Are there specific IPs or ports numbers for doing this? Would this go into router or 2rd party FW settings?

[Eleventeen]

Sorry about not getting back to this topic, I've been trying to figure out if there is indeed a problem here or if I'm just overly paranoid (which is a definite possibility!).

So far I've run a full scan with Malwarebytes, and both a boot-time scan and a full scan with Avast. Neither have come up with anything.

I noticed this happened on the 8th at around 2am. I was browsing using Chrome on a trusted forum when I saw hard drive access and decided to check out my current active connections in Comodo. Like I said, there were dozens (over 100, easily) of outgoing connections from my PC to my router on port 4444. I think the source ports were all different. But the latest Chrome version seems to have been downloaded and updated at exactly the same time this happened, so I'm wondering if maybe it's a Google Updater oddity?

There's absolutely nothing online about this, so I'm concerned. One post I found alludes to port 4444 being used for IPv6, but I don't see why over 100 connections would need to be opened to the router...

If I remember correctly, Comodo was reporting that all the connections were 66 bytes long, both in and out. I'm not sure, I think the process opening the connections was svchost. I should have taken a screenshot!

I haven't seen any odd connections since then, though. Nothing connecting to the router on 4444, no ports listening, nothing out of the ordinary. I'm still worried, though...

There are multiple PCs on my network, one of which was online at the same time this happened.

[FurryNutz]

What happens if you use a different browser like Opera or FF and go to these same sites that you visit?

[Eleventeen]

Nothing unusual happens, no connections to port 4444 or anything. But this event seems isolated to the one incident, and I can't reproduce it since I saw it a few days ago.

I'm generally pretty careful about browsing, so I don't think it's the sites I'm visiting that are causing this. I always browse with JS and plugins disabled unless I absolutely trust the site, and even then I only visit a handful of sites on this PC - a few bank sites, a few news websites, webmail, a few popular discussion boards and tech sites - for this exact reason.

I'm still unsure whether this is malware related or not, but I've posted on a malware removal board to see if my computer is infected or not. I'd definitely love to know if this incident was legitimate or something malicious!

[FurryNutz]

I would keep monitoring for this port and use Opera or FF for a while and see if it crops back up. It's possible that between the router and Comodo that they are doing there job and catching this rogue 4444 event.