Port 32000 spike, got packets?
We've noticed in the dshield data and from some of our users, that there was a very large spike in activity on TCP port 32000 yesterday. While it appears that the vast majority of this traffic seems to be coming from one source IP, it also seems to have hit a large chunk of internet address space. At this point, the spike may very well be over, but if anyone has more than just SYN packets (like had a netcat listener on that port) and can share the packets with us so we can try to figure out what application they might have been looking for, please submit via the contact page.
----------------------------
Jim Clausing, jclausing -- at -- isc dot sans dot org
----------------------------
Jim Clausing, jclausing -- at -- isc dot sans dot org
Keywords:
0 comment(s)
My next class:
LINUX Incident Response and Threat Hunting | Online | Japan Standard Time | Oct 21st - Oct 26th 2024 |
×
Diary Archives
Comments