Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Port 32000 spike, got packets? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 32000 spike, got packets?
We've noticed in the dshield data and from some of our users, that there was a very large spike in activity on TCP port 32000 yesterday.  While it appears that the vast majority of this traffic seems to be coming from one source IP, it also seems to have hit a large chunk of internet address space.  At this point, the spike may very well be over, but if anyone has more than just SYN packets (like had a netcat listener on that port) and can share the packets with us so we can try to figure out what application they might have been looking for, please submit via the contact page.

----------------------------
Jim Clausing, jclausing -- at -- isc dot sans dot org
I will be teaching next: Malware Reverse-Engineering Challenge - SANS New York City 2019

Jim

407 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!