
SANS ISC: Increased activity on TCP port 5250 SANS ISC InfoSec Forums

Increased activity on TCP port 5250
As an update, we have had some readers (thanks Dr. Neal Krawetz, Thomas Schmitzer and Brian Porter) point us to an exploit against the iGateway service. This exploit was released on October 10 by FrSIRT and appears to be what is causing the traffic. It allows for a telnet session to port 1711, which also shows a one-day increase. Thanks for all the input, and if someone happens to grab packets, we'd still like to see them to confirm. Also, thanks to Greg Holmes for bringing this to our attention!

If you have captures of any of this traffic, please upload them via the contact page. Thanks in advance.

Oct 13th 2005
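
As an added illustration (not part of the original diary), the following sketch checks firewall logs for the sequence described above: an accepted connection to TCP 5250 followed shortly by an accepted connection to TCP 1711 on the same host. The log format, the sample lines and the 10-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

IGATEWAY_PORT = 5250            # port with increased activity, per the diary
FOLLOWUP_PORT = 1711            # port the diary says a telnet session opens on
WINDOW = timedelta(minutes=10)  # assumption: how long after 5250 we still correlate

# Assumed (constructed) firewall log format, one connection per line, time-ordered.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=TCP DPT=(?P<dpt>\d+) ACTION=(?P<action>\w+)$"
)

SAMPLE_LOG = [  # constructed sample data using documentation address ranges
    "2005-10-13T08:14:02 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=5250 ACTION=ACCEPT",
    "2005-10-13T08:14:09 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=1711 ACTION=ACCEPT",
    "2005-10-13T08:20:00 SRC=198.51.100.4 DST=192.0.2.11 PROTO=TCP DPT=5250 ACTION=DROP",
    "2005-10-13T08:20:05 SRC=198.51.100.4 DST=192.0.2.11 PROTO=TCP DPT=1711 ACTION=DROP",
    "2005-10-13T09:00:00 SRC=198.51.100.9 DST=192.0.2.12 PROTO=TCP DPT=1711 ACTION=ACCEPT",
    "2005-10-13T09:05:00 SRC=198.51.100.9 DST=192.0.2.13 PROTO=TCP DPT=5250 ACTION=ACCEPT",
    "2005-10-13T09:45:00 SRC=198.51.100.9 DST=192.0.2.13 PROTO=TCP DPT=1711 ACTION=ACCEPT",
]

def find_followups(lines, window=WINDOW):
    """Return hosts that accepted a 5250 connection and then a 1711 one within `window`."""
    last_5250 = {}  # dst -> (timestamp, src) of the most recent accepted 5250 connection
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ACCEPT":
            continue  # unparsable or blocked at the firewall: nothing reached the host
        ts, dst, dpt = datetime.fromisoformat(m["ts"]), m["dst"], int(m["dpt"])
        if dpt == IGATEWAY_PORT:
            last_5250[dst] = (ts, m["src"])
        elif dpt == FOLLOWUP_PORT and dst in last_5250:
            first_ts, first_src = last_5250[dst]
            if timedelta(0) <= ts - first_ts <= window:
                hits.append({"dst": dst, "src_5250": first_src, "src_1711": m["src"],
                             "delay_s": int((ts - first_ts).total_seconds())})
    return hits

if __name__ == "__main__":
    for hit in find_followups(SAMPLE_LOG):
        print(hit)
```

Hosts flagged this way are candidates for the packet captures requested above; a 1711 connection with no preceding 5250 connection, or one outside the window, is not reported.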
