
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2018-07-18



Request for Packets: Port 15454

Published: 2018-07-18
Last Updated: 2018-07-18 18:52:01 UTC
by Kevin Liston (Version: 2)

Starting 12-JUL-2018, the number of DShield participants reporting probes for port 15454 started to rise. It popped up on the experimental trends report (https://isc.sans.edu/trends.html) yesterday. Fellow handler Richard Porter thought it sounded like a "debugger port for an App" and after a quick jaunt to The Googles he returned with an old report that this port opens up when the Cloud9 IDE is doing its thing. (Source: https://stackoverflow.com/questions/39007572/cloud9-debugger-listening-on-port-15454)

We're curious if that initial guess is correct or not. Are you seeing this as well? Any pattern to the source or interesting tool marks? Or better yet: Got Packets?

If so, hit us up on the contact form: https://isc.sans.edu/contact

UPDATE:

Looking at my own sensors, I see one source, 185.208.208.198. It was looking for ports in the 15000 range. So looking at the DShield logs for ports 15453, 15455, and 15456 around 15454, you see a similar uptick. In addition to the 15000 ports, it was also hitting 22.
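
The check described in the update, telling a source that sweeps the ports around 15454 apart from one that probes only 15454, as an added example that is not part of the original diary. The log format, sample records, function names and thresholds are constructed for illustration and are not the DShield format.

```python
from collections import defaultdict

# Constructed sample records (not real DShield data): "date src_ip dst_port proto"
SAMPLE_LOG = """\
2018-07-17 203.0.113.7 15453 tcp
2018-07-17 203.0.113.7 15454 tcp
2018-07-17 203.0.113.7 15455 tcp
2018-07-17 203.0.113.7 15456 tcp
2018-07-17 203.0.113.7 22 tcp
2018-07-17 198.51.100.20 15454 tcp
2018-07-17 198.51.100.20 15454 tcp
2018-07-17 192.0.2.99 443 tcp
not a log line
"""

def ports_by_source(log_text):
    """Map each source IP to the set of destination ports it probed."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[2].isdecimal():
            continue  # skip malformed lines
        port = int(fields[2])
        if 0 < port <= 65535:
            seen[fields[1]].add(port)
    return seen

def classify_sources(log_text, port=15454, window=50, min_neighbors=2):
    """Label every source that hit `port` as 'sweep' or 'targeted'.

    'sweep' means the source also hit at least `min_neighbors` other ports
    within `window` of `port`. Both thresholds are illustrative assumptions.
    """
    result = {}
    for src, ports in ports_by_source(log_text).items():
        if port not in ports:
            continue
        neighbors = sorted(p for p in ports if p != port and abs(p - port) <= window)
        kind = "sweep" if len(neighbors) >= min_neighbors else "targeted"
        result[src] = {"kind": kind, "neighbors": neighbors,
                       "other_ports": sorted(ports - set(neighbors) - {port})}
    return result

if __name__ == "__main__":
    for src, info in classify_sources(SAMPLE_LOG).items():
        print(src, info)
```

A rise driven mostly by "sweep" sources suggests the port is caught up in a wider range scan, while many "targeted" sources would point at interest in 15454 itself.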

Keywords: 15454