
SANS ISC InfoSec Handlers Diary Blog



Port 8909 Spike

Published: 2011-08-31
Last Updated: 2011-08-31 04:14:06 UTC
by Scott Fendley (Version: 2)

One of our readers noticed a recent spike in activity on port 8909, which can be seen at DShield. However, we do not have any idea what was causing this. Does anyone have any packets or information regarding this recent trend? Please take a look at your netflows or other packet captures, and let's see if we can answer this question.

Update 1:

It appears that this one was perhaps easy to figure out. Per www.proxynova.com/proxy-server-list/port-8909/ and mrhinkydink.blogspot.com/2011/08/tcp-port-8909-proxies.html, there appear to be a number of proxy servers in China (and elsewhere) which may be using this port. One explanation for the spike may be individuals trying to find proxy servers which can be exploited.

Scott Fendley ISC Handler
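
For readers checking their own flow data against the proxy-hunting explanation above, here is an added example (not part of the original diary) that separates sources probing many hosts on port 8909 from sources holding real sessions. The CSV column layout, the thresholds and the sample records are assumptions constructed for illustration; adapt the field names to your flow exporter.

```python
import csv
import io
from collections import defaultdict

PORT = 8909  # port discussed in the diary

# Constructed sample flow records (documentation address ranges), not real traffic.
# Assumed columns: start time, source, destination, dest port, packets, TCP flags seen.
SAMPLE_FLOWS = """\
ts,src,dst,dport,packets,flags
2011-08-30T10:00:01,198.51.100.7,192.0.2.10,8909,1,S
2011-08-30T10:00:01,198.51.100.7,192.0.2.11,8909,1,S
2011-08-30T10:00:02,198.51.100.7,192.0.2.12,8909,2,S
2011-08-30T10:00:02,198.51.100.7,192.0.2.13,8909,1,S
2011-08-30T10:05:00,203.0.113.20,192.0.2.10,8909,48,SAPF
2011-08-30T10:06:30,203.0.113.20,192.0.2.10,8909,112,SAPF
2011-08-30T10:07:00,198.51.100.7,192.0.2.10,80,9,SAPF
"""

def summarize(flow_csv, port=PORT, min_targets=3, min_syn_ratio=0.8):
    """Per-source summary of flows to `port`; thresholds are assumed defaults."""
    targets = defaultdict(set)
    total = defaultdict(int)
    syn_only = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dport"]) != port:
            continue
        src = row["src"]
        targets[src].add(row["dst"])
        total[src] += 1
        # SYN seen but never an ACK from the source: handshake did not complete.
        if "S" in row["flags"] and "A" not in row["flags"]:
            syn_only[src] += 1
    report = {}
    for src in total:
        ratio = syn_only[src] / total[src]
        # Many distinct destinations plus mostly unanswered SYNs looks like probing.
        scan_like = len(targets[src]) >= min_targets and ratio >= min_syn_ratio
        report[src] = {
            "flows": total[src],
            "targets": len(targets[src]),
            "syn_only_ratio": ratio,
            "label": "scan-like" if scan_like else "session",
        }
    return report

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_FLOWS).items()):
        print(src, info)
```

A source labelled "session" toward an internal host on this port is worth a closer look, since it suggests something on that host is actually answering.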
