
SANS ISC: What's going on with these ports? Got packets? SANS ISC InfoSec Forums

What's going on with these ports? Got packets?

One of the first things I normally do when I start a shift as HOD is to look at our trends page and see if there is anything interesting going on. Today, I noted ports 8800, 1100, and 5905. And what the heck is going on with the periodic spikes on 22105? I see our friends at Arbor have posted a nice story about the port 1100 stuff and what they think that is all about, but if anyone has thoughts on any of these others and/or is able to capture some packets (something more than just SYN packets), let us know via the contact page.

 

---Jim


Jim

ISC Handler
