Question : port scan
Hello, lately I have been receiving port scans and connection attempts to my computer's port 27374, I mean a lot. I use ZoneAlarm Pro so they're all blocked, but I have been receiving tons of them, sometimes 1 every minute or more for like 10-45 mins straight, and they are always from different IP addresses. I don't think even one of the numerous times has been the same (I try to keep track of all the IP addresses that scan me, I have quite the list).

Anyways, what is the deal with this? I know that this is the default port for all of the SubSeven trojan variants, but why all of a sudden would I be getting all of these scans for this port? Usually it's port 80, for people looking for open web servers. The ZoneAlarm security alert pop-ups are getting quite annoying. I know I can shut them off, but I like to know what's going on. Is there some big contest going on on who can scan port 27374 the most, or what? Has anyone been noticing this at all?

I went looking around on my computer for trojans, although I'm careful about what I download and everything gets scanned with Norton first before getting opened, and found nothing in the registry or various boot files (win.ini etc.) and the startup folder. Is there any reason why someone would believe that I'm infected and would try to scan me for it, like something I did without knowing it?

I asked this question somewhere else and got the "port scans are not uncommon, and if ZoneAlarm is blocking it all then you shouldn't be concerned" answer, but I've been online for quite some time and never had a wave of port scans to the same port by so many different people before. I'm interested in computer security so this makes me scratch my head. Any insights on this would be appreciated.

Best regards, neversleeps
Answer : port scan
Port 27374 - SubSeven

27374 is one of the default ports of the BackDoor-G2.svr.gen trojan, more commonly known as SubSeven. It is the current (as of May 2001) trojan of choice for most DDoS attacks and clone attacks on specific services, such as IRC. Scans of this port are often accompanied by scans of port 1243, another default SubSeven port of older versions.

For a good summary of SubSeven, see Symantec's SubSeven Page: http://www.symantec.com/avcenter/venc/data/backdoor.subseven.html

You can block this port using IPSEC policy: http://www.microsoft.com/serviceproviders/columns/using_ipsec.asp
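
An added example, not part of the original question or answer: a small log summarizer that counts blocked inbound attempts to the two SubSeven default ports named above, how many distinct sources sent them, and which sources tried both ports. The comma-separated log layout and the sample lines are constructed assumptions, not ZoneAlarm's actual format.

```python
import csv
from collections import defaultdict
from datetime import datetime

SUBSEVEN_PORTS = (27374, 1243)  # the two default ports named in the answer

# Constructed sample (documentation-range addresses). The comma-separated
# layout is an assumption; adapt parse() to your firewall's real log format.
SAMPLE_LOG = """\
FWIN,2001/05/20,21:14:05,198.51.100.7:3312,192.0.2.10:27374,TCP
FWIN,2001/05/20,21:14:52,203.0.113.44:1189,192.0.2.10:27374,TCP
FWIN,2001/05/20,21:15:30,198.51.100.7:3313,192.0.2.10:1243,TCP
FWIN,2001/05/20,21:16:11,203.0.113.90:4021,192.0.2.10:80,TCP
FWIN,2001/05/20,21:17:48,198.51.100.23:2750,192.0.2.10:27374,TCP
this line is malformed and is skipped
FWOUT,2001/05/20,21:18:00,192.0.2.10:1050,203.0.113.5:80,TCP
""".splitlines()

def parse(lines):
    """Yield (timestamp, source_ip, dest_port) for each blocked inbound entry."""
    for row in csv.reader(lines):
        if len(row) < 6 or row[0] != "FWIN":
            continue  # outbound entries, blank lines, malformed lines
        try:
            ts = datetime.strptime(f"{row[1]} {row[2]}", "%Y/%m/%d %H:%M:%S")
            yield ts, row[3].rsplit(":", 1)[0], int(row[4].rsplit(":", 1)[1])
        except (ValueError, IndexError):
            continue  # unparseable date or address field

def summarize(lines, ports=SUBSEVEN_PORTS):
    """Count hits and distinct sources per watched port over the log."""
    hits, sources, times = defaultdict(int), defaultdict(set), []
    for ts, src, port in parse(lines):
        if port in ports:
            hits[port] += 1
            sources[port].add(src)
            times.append(ts)
    return {
        # port -> (number of attempts, number of distinct source addresses)
        "per_port": {p: (hits[p], len(sources[p])) for p in ports},
        # Sources that tried every watched port, i.e. sweeping the defaults.
        "all_ports": sorted(set.intersection(*(sources[p] for p in ports))),
        "span_seconds": int((max(times) - min(times)).total_seconds()) if times else 0,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A distinct-source count close to the hit count matches the pattern described in the question: many unrelated hosts each probing once, rather than one host retrying.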