TCP Port 5678 traffic to 192.168.X.1 hosts

Glenn Hanratty
Level 1

Has anyone seen entire subnets of WINXP/WIN98 hosts sending 62-byte frames to 192.168.2.1, 5.1, and 7.1 for no reason? I have four subnets in one bldg that are constantly sending to these private addresses that don't exist on my network.

So far, we have seen that it's SVCHOST.EXE that's using TCP 5678 and just spewing. If you kill the process it just respawns and sends.

1 Reply

owillins
Level 6

I think this is because of a possible virus attack on your network. Try blocking the port TCP 5678 using some access list. Apply this access list on the router's Ethernet port and check if you are getting any hits on the access list. If you see a large number of hits, it is because of a virus. This may even cause the CPU utilization on the router to go high. Check for the source of these addresses by enabling "ip route cache" on the router and using the "sh ip cache flow" command.
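
An added example, not part of the thread: one way to turn captured flow-cache output into a ranked list of hosts sending to TCP 5678. It assumes the classic IOS flow-record layout, in which the Pr, SrcP and DstP columns are hexadecimal (06 is TCP, 162E is 5678); the sample records, interface names and source addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed layout of IOS flow-cache records.
# Pr, SrcP and DstP are hexadecimal: 06 = TCP, 11 = UDP, 162E = 5678.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.10.4.21      Null          192.168.2.1     06 0C21 162E     3
Fa0/0         10.10.4.21      Null          192.168.5.1     06 0C22 162E     3
Fa0/0         10.10.4.37      Null          192.168.7.1     06 04D3 162E     2
Fa0/1         10.10.6.12      Null          192.168.2.1     06 0F10 162E     4
Fa0/0         10.10.4.50      Se0/0         172.16.1.10     06 0D00 0050    12
Fa0/1         10.10.6.12      Se0/0         172.16.1.53     11 0402 0035     1
"""

# One flow record per line; anything else (headers, summaries) will not match.
FLOW_RE = re.compile(
    r"^(\S+)\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+(?:\.\d+){3})\s+"
    r"([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{4})\s+([0-9A-Fa-f]{4})\s+(\d+)\s*$"
)

def parse_flows(text):
    """Yield flow records as dicts, converting the hex columns to integers."""
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            src_if, src, _dst_if, dst, pr, _sport, dport, pkts = m.groups()
            yield {"src_if": src_if, "src": src, "dst": dst,
                   "proto": int(pr, 16), "dport": int(dport, 16),
                   "pkts": int(pkts)}

def top_sources(text, proto=6, dport=5678):
    """Rank (interface, source) pairs sending to proto/dport by packet count."""
    pkts = defaultdict(int)
    dsts = defaultdict(set)
    for f in parse_flows(text):
        if f["proto"] == proto and f["dport"] == dport:
            key = (f["src_if"], f["src"])
            pkts[key] += f["pkts"]
            dsts[key].add(f["dst"])
    ranked = sorted(pkts, key=lambda k: (-pkts[k], k))
    return [(k[0], k[1], pkts[k], sorted(dsts[k])) for k in ranked]

if __name__ == "__main__":
    for src_if, src, n, targets in top_sources(SAMPLE):
        print(f"{src_if:8} {src:15} {n:5} pkts -> {', '.join(targets)}")
```

The ingress interface in each row identifies which subnet the host sits on, which gives the order in which to pull machines for cleanup.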