There are two events I'm interested in following up at the moment. A few reports mentioned that scans to destination port 5000 seem to be popular at the moment (https://isc.sans.edu/port.html?port=5000). So if you have a few spare packets, that would be great. In this instance I'm not looking for log records, only pcaps.
Another reader mentioned scans from source port 6000 going to numerous ports on their infrastructure, but from different IP addresses, e.g. IP address A scanning target 1089-1099, IP address B scanning target 1100-1110, etc. If you have log records or packets for traffic from source port 6000 to multiple ports or IP addresses in your environment, I'd be interested in taking a look.
We've seen both of these previously, but would certainly like to see if it is the same or something different.
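
One way to look for the source-port-6000 pattern described above in your own connection logs, as an added example that is not part of the original diary. The four-field log format (`src_ip src_port dst_ip dst_port`), the function names, the `min_ports` threshold and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): "src_ip src_port dst_ip dst_port".
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE = (
    [f"192.0.2.10 6000 198.51.100.5 {p}" for p in range(1089, 1100)]
    + [f"192.0.2.20 6000 198.51.100.5 {p}" for p in range(1100, 1111)]
    + ["192.0.2.30 6000 198.51.100.5 443", "192.0.2.40 51514 198.51.100.5 1111", "malformed line"]
)

def parse(line):
    """Return (src, sport, dst, dport), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return parts[0], int(parts[1]), parts[2], int(parts[3])
    except ValueError:
        return None

def sport_scanners(lines, sport=6000, min_ports=5):
    """Map (dst, src) -> sorted distinct destination ports, for sources that used
    `sport` and touched at least `min_ports` distinct ports on one target."""
    seen = defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        src, sp, dst, dp = rec
        if sp == sport:
            seen[(dst, src)].add(dp)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ports}

def stitched_coverage(scanners):
    """Per target, merge all sources' ports into contiguous ranges and record
    which sources contributed, exposing a sweep split across several IPs."""
    per_dst = defaultdict(dict)
    for (dst, src), ports in scanners.items():
        for p in ports:
            per_dst[dst].setdefault(p, set()).add(src)
    out = {}
    for dst, portmap in per_dst.items():
        ranges = []
        for p in sorted(portmap):
            if ranges and p == ranges[-1][1] + 1:
                ranges[-1][1] = p
                ranges[-1][2] |= portmap[p]
            else:
                ranges.append([p, p, set(portmap[p])])
        out[dst] = [(lo, hi, sorted(srcs)) for lo, hi, srcs in ranges]
    return out
```

A single merged range attributed to several sources, as `stitched_coverage(sport_scanners(SAMPLE))` reports for the sample, is the signature of one sweep divided among multiple scanning addresses.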