Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Call for Packets - Port 19905

Published: 2008-06-28
Last Updated: 2008-06-28 17:24:17 UTC
by Lorna Hutcheson (Version: 1)
0 comment(s)

One of the things I like to check while on duty are the Trend reports which focus on changes in port activity.  While looking at this today, I noticed a sharp increase in both the source and targets for port 19905.  Generally target increases don't bother me too much and can be attributed to different things.  But with the sources and targets increasing over the past few days for this port, it has me curious.  An increase in both sources and targets can be an indicator of an infection of some sort.  If you have any ideas for this or any packet captures, please send them our way. 

 

 

Keywords:
0 comment(s)
Diary Archives