Got an email today from a reader named Justin (thank you Justin) who asks us if we have seen alot of SSH scans with a source port of 80 before. Of course, the answer is yes, but only in test cases!
I've never actually seen this take place on the internet, (well, yes, I have, but very very rarely), and of course I can cause it with certain nmap settings. But this kind of scanning isn't commonplace, afaik, to an automated tool or script kiddie run.
Any information that anyone could provide so that we can help out Justin, and of course the rest of the readers of the Internet Storm Center would be much appreciated. Please write in via that Contact link at the top of our home page. Thank you.
Jun 23rd 2008
1 decade ago