Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2013-05-19 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Port 51616 - Got Packets?

Published: 2013-05-19
Last Updated: 2013-05-20 22:43:50 UTC
by Guy Bruneau (Version: 2)
1 comment(s)

We're looking for any info or packets that target port 51616.   After witnessing a spike yesterday on his network and checking that our port data [1] corroborated his event, Andrew has written in asking what we know.    

The most useful snapshot of port activity can be seen in this graph image.  I ran the graphs as far back as 2006 and nothing more signifcant was illustrated.   The image below highlights yesterdays events as well as a more curious spike back in March.  These counts do not seem very significant at first look, but they could clearly be telling us something.   

Port 51616 - Mar 2013 to May 2013

So drop us a comment to share what you know.  We're interested to attribute this traffic to something useful.

[1] https://isc.sans.edu/port.html?port=51616

Update 1: ISC reader Jim suggested that port 51616 is Xsan is Apple Inc.'s storage area network (SAN) or clustered file system for Mac OS X. Xsan enables multiple Mac desktop and Xserve systems to access shared block storage over a Fibre Channel network. With the Xsan file system installed, these computers can read and write to the same storage volume at the same time.

1 comment(s)
Diary Archives