id Software (authors of Doom) chose port 666 (for obvious reasons), and registered it with IANA.See http://www.iana.org/assignments/port-numbers

Of course, given the "cool factor" of port 666, it's also used by numerous trojan exploits. These include (but are probably not limited to): Attack FTP, Back Construction, BLA trojan, Cain & Abel, Danger 666, NokNok, Satans Back Door - SBD, ServU, Shadow Phyre, th3r1pp3rz


You didn't say if your firewall blocked incoming or outgoing access. Assuming worst case (outgoing-- i.e. j00r 0wnz3d d00d!!!), I'd port scan to confirm it's open. Disconnect, close it, and disinfect as necessary. Though if your defs are up to date, you've scanned thoroughly, and are patched with all the critical updates from Microsoft, I doubt you've been owned.

Best case, some one was probing your box from the outside, looking for open ports. While a bit presumptive, this may or may not be the first signs of an attack. Heck, I've seen ISPs running scans on their customers if they suspect something's up... As long as you're locked down and patched, you should be good to go. You have locked down all unnecessary ports, haven't you?

It's hard to give more advice without knowing more about your setup, but I hope this helps.

--Brett