Unusual Entry in Win XP Pro Services File
#1
Original Poster
FlyerTalk Evangelist
Join Date: Apr 2000
Location: FLL -> Where The Boyars Are
Programs: AA EXP 1.7 M, Hilton Gold, Hertz 5*, AARP Sophomore, 14-time Croix de Candlestick
Posts: 18,669
The other day my firewall blocked an access attempt. The referenced port was ###.###.###.### : 666. Looking in my Services file, I saw that there was a Doom port assigned to that number.
I've never played or installed that game on this PC - is this a standard Services entry, or should I be concerned (I update my antivirus definitions and scan for viruses, worms and trojans daily).
#3




Join Date: Jan 2004
Location: Colorado, US
Posts: 33
id Software (authors of Doom) chose port 666 (for obvious reasons), and registered it with IANA. See http://www.iana.org/assignments/port-numbers
Of course, given the "cool factor" of port 666, it's also used by numerous trojan exploits. These include (but are probably not limited to): Attack FTP, Back Construction, BLA trojan, Cain & Abel, Danger 666, NokNok, Satans Back Door - SBD, ServU, Shadow Phyre, th3r1pp3rz
You didn't say if your firewall blocked incoming or outgoing access. Assuming worst case (outgoing-- i.e. j00r 0wnz3d d00d!!!), I'd port scan to confirm it's open. Disconnect, close it, and disinfect as necessary. Though if your defs are up to date, you've scanned thoroughly, and are patched with all the critical updates from Microsoft, I doubt you've been owned.
Best case, someone was probing your box from the outside, looking for open ports. While a bit presumptive, this may or may not be the first signs of an attack. Heck, I've seen ISPs running scans on their customers if they suspect something's up... As long as you're locked down and patched, you should be good to go. You have locked down all unnecessary ports, haven't you?
It's hard to give more advice without knowing more about your setup, but I hope this helps.
--Brett
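Added example, not part of the thread or written by either poster: a Services file entry is only a name-to-port label, so the useful check is whether anything on your own machine is actually accepting connections on that port. The sample file contents, the function names and the 127.0.0.1 target are assumptions made for illustration.

```python
import socket

# Constructed sample in the layout of a Windows/Unix "services" file.
SAMPLE_SERVICES = """\
# <service name>  <port number>/<protocol>  [aliases...]  [#<comment>]
ftp                21/tcp
doom              666/tcp                    #Doom Id Software
doom              666/udp                    #Doom Id Software
kerberos-adm      749/tcp                    #Kerberos administration
"""

def parse_services(text):
    """Return {(port, proto): name} from services-file text."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                           # blank or malformed line
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table.setdefault((int(port), proto.lower()), fields[0])
    return table

def is_listening(port, host="127.0.0.1", timeout=1.0):
    """True if something accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0  # 0 means the connect succeeded

def triage(port, services_text=SAMPLE_SERVICES):
    """Pair the label from the services file with the real listener state."""
    label = parse_services(services_text).get((port, "tcp"), "unassigned")
    return {"port": port, "label": label, "listening": is_listening(port)}

if __name__ == "__main__":
    # A "doom" label with listening=False means the entry is only a name.
    print(triage(666))
```

If `listening` comes back true, identify the owning process (for example with `netstat -ano` on Windows) before deciding whether it is expected.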

