Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Port 32000 spike, got packets? - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 32000 spike, got packets?
We've noticed in the dshield data and from some of our users, that there was a very large spike in activity on TCP port 32000 yesterday.  While it appears that the vast majority of this traffic seems to be coming from one source IP, it also seems to have hit a large chunk of internet address space.  At this point, the spike may very well be over, but if anyone has more than just SYN packets (like had a netcat listener on that port) and can share the packets with us so we can try to figure out what application they might have been looking for, please submit via the contact page.

Jim Clausing, jclausing -- at -- isc dot sans dot org
I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS DFIR Summit & Training 2022


423 Posts
ISC Handler
Dec 29th 2006

Sign Up for Free or Log In to start participating in the conversation!