Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - TCP scanning increase for 4899 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

TCP scanning increase for 4899

Published: 2009-06-24
Last Updated: 2009-06-24 20:20:51 UTC
by Kyle Haugsness (Version: 1)
0 comment(s)

An observant reader reports that he is seeing a very noticeable increase in TCP scanning for port 4899 and our dshield data confirms an uptick.  Port 4899 is the default port for the Radmin tool, which is a windows-based computer remote-control package.  According to his data, the scans are mostly originating from Spanish-speaking South American countries.  We don't have confirmation that the attackers are looking for Radmin, so if you have some packet captures please upload them and we can take a look.

Handler: Kyle Haugsness

Keywords: scanning
0 comment(s)
Diary Archives