Started 10/24/2017

I've seen some unusual traffic being blocked in a public wifi segment. A particular Android device is making repeated requests to

192.168.2.1 UDP 9003
192.168.1.2 TCP 5678
192.168.1.1 TCP 2345

The UDP traffic is always sourced from port 10002. I did a brief packet capture of the UDP traffic and the data field looks like

2b:80:81:32:00:00:00:18:08:94:64:00:96:00:c0:05:14:00:01:0a:00:c8:00:c8:00:c0:05:14:00:00:c8:00:14:00:64:00:c0:05:14:00:00:0a:00

or as ASCII it's just a string of this

+..2......d........ ..............d...... .+..2......d........ ..............d...... .+..2......d........ ..............d...... .+..2......d........ ..............d...... .+..2......d........ ..............d...... .+..2......d........ ..............d......

I've searched online and it seems Belkin is the biggest player using the 192.168.2.1 default.

I did briefly get my hands on the device today, and the only non-mainstream recently updated app that I saw was Trickster Pitch from Trickster Cards, Inc. Updated October 23, 2017 on the store. https://play.google.com/store/apps/details?id=com.trickstercards.pitch&hl=en

I asked the user if he could return when he had more time so we could try to verify which app is causing the traffic.

Any other ideas of where I should be looking?

Thanks
Mark
Oct 25th 2017