Last Updated: 2018-07-18 17:48:47 UTC
by Kevin Liston (Version: 1)
Starting 12-JUL-2018 the number of DShield participants reporting probes for port 15454 started to rise. It popped up on the experimental trends report (https://isc.sans.edu/trends.html) yesterday. Fellow handler Richard Porter thought it sounded like a "debugger port for an App" and after a quick jaunt to The Googles he returned with an old report that this port opens up when the Clound9 IDE is doing its thing. (Source: https://stackoverflow.com/questions/39007572/cloud9-debugger-listening-on-port-15454)
We're curious if that initial guess is correct or not. Are you seeing this as well? Any pattern to the source or interesting tool marks. Or better yet: Got Packets?
If so, hits us up on the contact form: https://isc.sans.edu/contact