Threat Level: Infocon green
DShield
phpbb and sql errors asp sqlserver odbc sql errors

Today´s Diary

If you have more information or corrections regarding our diary, please share.


Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings http://blogs.technet.com/b/sysinternals/archive/2013/05/17/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51.aspx
ISC StormCast for Monday, May 20th 2013 http://isc.sans.edu/podcastdetail.html?id=3317

Port 51616 - Got Packets?

Published: 2013-05-19,
Last Updated: 2013-05-19 14:06:38 UTC
by Kevin Shortt (Version: 1)

1 comment(s)

We're looking for any info or packets that target port 51616.   After witnessing a spike yesterday on his network and checking that our port data [1] corroborated his event, Andrew has written in asking what we know.    

The most useful snapshot of port activity can be seen in this graph image.  I ran the graphs as far back as 2006 and nothing more signifcant was illustrated.   The image below highlights yesterdays events as well as a more curious spike back in March.  These counts do not seem very significant at first look, but they could clearly be telling us something.   

Port 51616 - Mar 2013 to May 2013

So drop us a comment to share what you know.  We're interested to attribute this traffic to something useful.

[1] https://isc.sans.edu/port.html?port=51616

 

Keywords: 51616 Got Packets Port 51616
1 comment(s)
Top of page

If you have more information or corrections regarding our diary, please share.

Diary Archive

DateAuthorTitle
2013-05-19 Kevin Shortt Port 51616 - Got Packets? (1 Comments)
2013-05-17 Daniel Wesemann e-netprotections.su ? (3 Comments)
2013-05-17 Johannes Ullrich SSL: Another reason not to ignore IPv6 (3 Comments)
2013-05-16 Daniel Wesemann Extracting signatures from Apple .apps (0 Comments)
2013-05-16 Joel Esler Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability (1 Comments)
2013-05-15 Joel Esler Call for Papers - 4th annual Forensics and Incident Response Summit EU (0 Comments)
2013-05-14 Jim Clausing So what passwords are those ssh scanners trying? (8 Comments)
2013-05-14 Swa Frantzen Microsoft May 2013 Black Tuesday Overview (7 Comments)
2013-05-14 Swa Frantzen Firefox & Thunderbird released (0 Comments)
2013-05-14 Swa Frantzen Adobe May 2013 Black Tuesday Overview (0 Comments)
Folder Icon Complete Archive
Search Diaries:

Diary Tagslink arrow

  hak5     boston marathon bombing     outage     javascript     updates     ie 8     incident     mt6d     chargen     got packets     kernel     configuration     flash     cisco     ipv4     linux     rfc6555     internet status     patch tuesday     fake charities     ios     cloudflare     trojan     certutil     cyberbunker     port 51616     cyberterrorism     msft     java security update     boston marathon explosions     malware containment     51616     sourcefire     0 day     spamhaus     ddos     firewall     java 7u21     psexec     preference     malware     bgp     blackhole     thunderbird     snort     packets     signature     firefox     spoofing     apple     icloud     cnn     remnux     phish     google     tools     typo squatting     email     ssl     spam     webserver     fake tech calls     java     security intelligence     java vulnerability     watering hole     vrt     perimeter     web app sec     black tuesday     adobe     passwords     micorsoft     dos     sysinternals     ipv6     waco fertilizer plant explosion     61     notification     rfc6724     security advisory     happy eyeballs     malware analysis     apple id     denial of service     boston marathon     postgresql     protocol     gov     ipv6 focus month     certificate     frequency hopping     mozilla     patches     two factors     authentication     apache     bcp 38     overview     back tuesday     enterprise certificate authority     microsoft     relays     certificates     boston marathon scams     xss     scam     anti virus     advance notification  
site/port/ip search:

Announcement!

IPv6 Support Added

Our iptables client now supports submitting IPv6 firewall logs.

DSHIELD Polllink arrow

What are your plans when XP is no longer supported?

Latest RR Paperslink arrow

Event Monitoring and Incident Response

Dead Linux Machines Do Tell Tales

Setting Up a Database Security Logging and Monitoring Program

Managing the Implementation of a BYOD Policy

Analysis of the building blocks and attack vectors associated with the Unified Extensible Firmware Interface (UEFI)

World Map

world map

Trends

trend graph

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

Port 51616 - Got Packets? - by: Kevin Shortt (2013-05-19)

e-netprotections.su ? - by: Daniel Wesemann (2013-05-17)

SSL: Another reason not to ignore IPv6 - by: Johannes Ullrich (2013-05-17)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute