Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: TCP scanning increase for 4899 SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
TCP scanning increase for 4899

An observant reader reports that he is seeing a very noticeable increase in TCP scanning for port 4899 and our dshield data confirms an uptick.  Port 4899 is the default port for the Radmin tool, which is a windows-based computer remote-control package.  According to his data, the scans are mostly originating from Spanish-speaking South American countries.  We don't have confirmation that the attackers are looking for Radmin, so if you have some packet captures please upload them and we can take a look.

Handler: Kyle Haugsness

Kyle

112 Posts

Sign Up for Free or Log In to start participating in the conversation!