Port 12345 / NAT fingerprint
Port 12345
We noticed an increase in the targets and records of port 12345. While the source number is still stable, this traffic is considered suspicious.
The graph of this activity can be found here: http://www.dshield.org/port_report.php?port=12345
We are requesting some packet dumps of this activity. Tcpdump/Windump format is preferable.
NAT devices fingerprint
A request for data was posted today at the Intrusions List.
Johannes Ullrich, ISC's CTO is requesting help to
fingerprinting various NAT devices based on source ports.
If you have a NAT device, please hit this page:
http://isc.sans.org/nattest.html
It will tell you the source port, and allow you to fill in
the NAT device you use to have it emailed to ISC database.
-------------------------------------------------------------------------------
Handler on duty: Pedro Bueno
We noticed an increase in the targets and records of port 12345. While the source number is still stable, this traffic is considered suspicious.
The graph of this activity can be found here: http://www.dshield.org/port_report.php?port=12345
We are requesting some packet dumps of this activity. Tcpdump/Windump format is preferable.
NAT devices fingerprint
A request for data was posted today at the Intrusions List.
Johannes Ullrich, ISC's CTO is requesting help to
fingerprinting various NAT devices based on source ports.
If you have a NAT device, please hit this page:
http://isc.sans.org/nattest.html
It will tell you the source port, and allow you to fill in
the NAT device you use to have it emailed to ISC database.
-------------------------------------------------------------------------------
Handler on duty: Pedro Bueno
Keywords: 
0 comment(s)
  
  ×
  
  ![modal content]() 
  
  
Diary Archives
         
              
Comments