
SANS ISC: Port 12345 / NAT fingerprint - SANS Internet Storm Center SANS ISC InfoSec Forums


Port 12345 / NAT fingerprint
Port 12345


We noticed an increase in the number of targets and records for port 12345. While the number of sources is still stable, this traffic is considered suspicious.
The graph of this activity can be found here: http://www.dshield.org/port_report.php?port=12345

We are requesting some packet dumps of this activity. Tcpdump/Windump format is preferable.





NAT devices fingerprint


A request for data was posted today to the Intrusions List.
Johannes Ullrich, ISC's CTO, is requesting help with
fingerprinting various NAT devices based on source ports.


If you have a NAT device, please hit this page:
http://isc.sans.org/nattest.html

It will tell you the source port and let you fill in
the NAT device you use, so that it can be emailed to the ISC database.

-------------------------------------------------------------------------------

Handler on duty: Pedro Bueno