My next class:
LINUX Incident Response and Threat HuntingOnline | Japan Standard TimeOct 21st - Oct 26th 2024

Port 32000 spike, got packets?

Published: 2006-12-28. Last Updated: 2006-12-29 02:20:08 UTC
by Jim Clausing (Version: 1)
0 comment(s)
We've noticed in the dshield data and from some of our users, that there was a very large spike in activity on TCP port 32000 yesterday.  While it appears that the vast majority of this traffic seems to be coming from one source IP, it also seems to have hit a large chunk of internet address space.  At this point, the spike may very well be over, but if anyone has more than just SYN packets (like had a netcat listener on that port) and can share the packets with us so we can try to figure out what application they might have been looking for, please submit via the contact page.

----------------------------
Jim Clausing, jclausing -- at -- isc dot sans dot org
Keywords:
0 comment(s)
My next class:
LINUX Incident Response and Threat HuntingOnline | Japan Standard TimeOct 21st - Oct 26th 2024

Comments


Diary Archives