
SANS ISC: Increased activity on TCP port 5250 - SANS Internet Storm Center SANS ISC InfoSec Forums


Increased activity on TCP port 5250
As an update, we have had some readers (thanks Dr. Neal Krawetz, Thomas Schmitzer and Brian Porter) point us to an exploit against the iGateway service. This exploit was released on October 10 by FrSIRT and appears to be what is causing the traffic. It allows for a telnet session to port 1711, which also shows a one-day increase. Thanks for all the input and if someone happens to grab packets, we'd still like to see them to confirm. Also a thanks to Greg Holmes for bringing this to our attention!

If you have captures of any of this traffic, please upload them via the contact page. Thanks in advance.
Lorna

ISC Handler
