Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 8443 Spike - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 8443 Spike
There is a recent spike in TCP port 8443 http://isc.sans.org/port_details.php?port=8443.  Any one have any details on what this traffic might be? Packets with payload would be great!

Update:
Many readers have written in commenting on what products use this TCP port.
This is a pretty sizable spike. It ispossible that there is some new exploit or scanning tool  being used. That is what I am looking for evidence of.

Okay we have a good handle on the products using port 8443:
ePO
Some web portal software
Alternate ssl port
Web app backend products
A backup package

The question still remains: what is the cause of the spike? It is legitimate traffic or malicious?
Dan

42 Posts

Sign Up for Free or Log In to start participating in the conversation!