Increased activity on TCP port 5250

Published: 2005-10-13
Last Updated: 2005-10-13 19:57:16 UTC
by Lorna Hutcheson (Version: 3)
0 comment(s)
As an update, we have had some readers (thanks Dr. Neal Krawetz, Thomas Schmitzer and Brian Porter) point us to an exploit against the iGateway service.  This exploit was released on October 10 by FrSIRT and appears to be what is causing the traffic.  It allows for a telnet session to port 1711, which also shows a one day increase.   Thanks for all the input and if someone happens to grab packets, we'd still like to see them to confirm.  Also a thanks to Greg Holmes for bringing this to our attention!

If you have captures of any of this traffic, please upload them via the contact page.  Thanks in advance.
0 comment(s)


Diary Archives