Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: TCP scanning increase for 4899 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
TCP scanning increase for 4899

An observant reader reports that he is seeing a very noticeable increase in TCP scanning for port 4899 and our dshield data confirms an uptick.  Port 4899 is the default port for the Radmin tool, which is a windows-based computer remote-control package.  According to his data, the scans are mostly originating from Spanish-speaking South American countries.  We don't have confirmation that the attackers are looking for Radmin, so if you have some packet captures please upload them and we can take a look.

Handler: Kyle Haugsness

Kyle

112 Posts

Sign Up for Free or Log In to start participating in the conversation!