What is up on Port 62234?
Here at the ISC we provide access to a number of bits of data which can be used to dig into problems or even as an early warning system of unusual activity. Well today's data has revealed a confounding one. Port 62234, which traditionally has zero on near zero sources attempting to access it suddenly has hundreds of sources.
This port is not one I have seen as a target before, and none of my sources show any traffic on this port. A check of Shodan shows only 3 hits, and two of those appear to be BitTorrent related. I am at a loss. If any of you has further information, firewall logs, or better yet, packet captures of this activity it would be appreciated if you could send it over for analysis.
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
Comments
Anonymous
May 19th 2020
4 years ago
Anonymous
May 19th 2020
4 years ago
Anonymous
May 21st 2020
4 years ago
Anonymous
May 22nd 2020
4 years ago
Also, Is it true that Bangladesh IPs are trying to hit these ports all the time?
Anonymous
May 25th 2020
4 years ago
I would still love a pcap. (-8
Anonymous
May 25th 2020
4 years ago