Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 8909 Spike - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 8909 Spike

One of our readers noticed a spike in activity recently with regard to port 8909 which can be seen at Dshield.  However, we do not have any idea what was causing this.  Anyone have any packets or information with regard to this recent trend?   Please take a look at your netflows, or other packet captures and lets see if we can answer this question.

 

Scott Fendley ISC Handler

ScottF

188 Posts
ISC Handler
Possibly looking for open proxies http://mrhinkydink.blogspot.com/2011/08/tcp-port-8909-proxies.html
Anonymous
Yes I have noticed this to my firewall has been getting alot of weird ports form china ip address over the last 48 hours everything form 80 to 443 to 1093 and just the last port was 21701
Anonymous
Port probes and all-out port scans are ramping up from all over. Not just China. It looks like someone needs a bigger bot-net. I would assume that a big sale is in the underground pipes right now. I have also seen a lot of virus-laden emails being caught by my servers. Everything from speeding tickets to files that just say "for your review". Summer vacation is over. The little critters are back to work.
Al of Your Data Center

80 Posts
I might half guess that this may be a response to the SSL debocle. The market for funky routes just got big.
Steven

42 Posts

Sign Up for Free or Log In to start participating in the conversation!