Port 8443 Spike
There is a recent spike in TCP port 8443 http://isc.sans.org/port_details.php?port=8443. Any one have any details on what this traffic might be? Packets with payload would be great!
Update:
Many readers have written in commenting on what products use this TCP port.
This is a pretty sizable spike. It ispossible that there is some new exploit or scanning tool being used. That is what I am looking for evidence of.
Okay we have a good handle on the products using port 8443:
ePO
Some web portal software
Alternate ssl port
Web app backend products
A backup package
The question still remains: what is the cause of the spike? It is legitimate traffic or malicious?
Update:
Many readers have written in commenting on what products use this TCP port.
This is a pretty sizable spike. It ispossible that there is some new exploit or scanning tool being used. That is what I am looking for evidence of.
Okay we have a good handle on the products using port 8443:
ePO
Some web portal software
Alternate ssl port
Web app backend products
A backup package
The question still remains: what is the cause of the spike? It is legitimate traffic or malicious?
Keywords:
0 comment(s)
×
Diary Archives
Comments