One of the first things I normally do when I start a shift as HOD is to look at our trends page and see if there is anything interesting going on. Today, I noted ports 8800, 1100, and 5905. And what the heck is going on with the periodic spikes on 22105? I see our friends at Arbor have posted a nice story about the port 1100 stuff and what they think that is all about, but if anyone has thoughts on any of these others and/or is able to capture some packets (something more than just SYN packets
---Jim
Jim, ISC Handler, Jun 7th 2008