There is a recent spike in TCP port 8443 http://isc.sans.org/port_details.php?port=8443. Any one have any details on what this traffic might be? Packets with payload would be great!
Many readers have written in commenting on what products use this TCP port.
This is a pretty sizable spike. It ispossible that there is some new exploit or scanning tool being used. That is what I am looking for evidence of.
Okay we have a good handle on the products using port 8443:
Some web portal software
Alternate ssl port
Web app backend products
A backup package
The question still remains: what is the cause of the spike? It is legitimate traffic or malicious?
May 4th 2006
1 decade ago