Last Updated: 2006-11-03 18:37:47 UTC
by Joel Esler (Version: 1)
One of our readers wrote in to tell us that they are experiencing a lot of traffic on TCP port 48318. They even sent us a pcap of the traffic so we could take a look. Unfortunately, the pcap contained only inbound SYN packets and outbound RST packets.
The source IPs were from totally different countries, and unique in makeup. Some packets could be from Windows machines (judging from TTL, options, etc.), and some don't appear to be.
Taking a look at our port graph here...
Clearly we have something going on.
So we need some packets. Don't bother sending us just SYN packets; we're going to need at least some 3-way handshake stuff.
Now. We are NOT telling you to allow this port through the firewall, let's just get that straight. But if you were in an operational environment where you may be allowed to get us a dump of the traffic with PERMISSION, then that would be great.
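An added example, not part of the original diary: a standard-library Python check of whether a capture for TCP port 48318 holds any completed three-way handshakes or only the SYN/RST pattern described above. It assumes a classic libpcap file (not pcapng) with untagged Ethernet/IPv4 frames; the function names and the sample capture, built from documentation addresses, are constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

PORT = 48318                      # port named in the diary
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def tcp_packets(pcap):
    """Yield (src, sport, dst, dport, flags) per Ethernet/IPv4/TCP frame of a classic pcap."""
    little = struct.unpack("<I", pcap[:4])[0] in (0xA1B2C3D4, 0xA1B23C4D)
    off = 24                                         # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack("<I" if little else ">I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                 # not IPv4/TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]    # honour the IP header length
        if len(tcp) >= 14:
            sport, dport = struct.unpack("!HH", tcp[:4])
            src, dst = (str(IPv4Address(frame[i:i + 4])) for i in (26, 30))
            yield src, sport, dst, dport, tcp[13]

def classify(pcap, port=PORT):
    """Map each client (ip, port) to 'handshake', 'syn_rst' or 'incomplete'."""
    seen = defaultdict(set)
    for src, sport, dst, dport, flags in tcp_packets(pcap):
        if port not in (sport, dport):
            continue
        side, key = ("c", (src, sport)) if dport == port else ("s", (dst, dport))
        kind = {SYN: "SYN", SYN | ACK: "SYNACK", ACK: "ACK"}.get(flags & (SYN | ACK), "")
        seen[key].add(side + ("RST" if flags & RST else kind))
    return {k: "handshake" if {"cSYN", "sSYNACK", "cACK"} <= ev else
            "syn_rst" if {"cSYN", "sRST"} <= ev else "incomplete" for k, ev in seen.items()}

def _frame(src, sport, dst, dport, flags):           # constructed frame, zeroed MACs/checksums
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\0" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):                              # little-endian, Ethernet link type
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SRV, A, B, C = "192.0.2.10", "198.51.100.7", "203.0.113.9", "198.51.100.8"
SAMPLE = build_pcap([                                # constructed capture, documentation IPs
    _frame(A, 40001, SRV, PORT, SYN), _frame(SRV, PORT, A, 40001, RST | ACK),
    _frame(B, 40002, SRV, PORT, SYN), _frame(SRV, PORT, B, 40002, SYN | ACK),
    _frame(B, 40002, SRV, PORT, ACK), _frame(C, 40003, SRV, PORT, SYN)])
```

To check a real capture, read it with `open(path, "rb").read()` and pass the bytes to `classify`. Only flows reported as `handshake` contain the exchange the diary asks for.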