Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Port 5431 (tcp/udp) Attack Activity - Internet Security | DShield Port 5431 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
Port Information
Protocol Service Name
tcp park-agent PARK AGENT
udp park-agnet PARK AGENT
[get complete service list]
Port diary mentions
URL
Exposed UPNP Devices
User Comments
Submitted By Date
Comment
2018-03-28 16:36:38
Have been observing this for about 45 days now (since 02/08/2018). Traffic is very bursty -- scanning occurs for just an hour or two and stops, then repeats every 3-4 days or so. I have also noticed an (oddly) fixed source port of port 6/tcp on the scan packets. Not sure of the intent -- perhaps looking for Broadcom UPnP? But curious that the scanning starts and stops so abruptly from 10's of thousands of source IPs. Feels botnet-like, but no evidence to support that.
Add a comment
CVE Links
CVE # Description