Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

What is up on Port 62234?

Published: 2020-05-19
Last Updated: 2020-05-19 14:56:29 UTC
by Rick Wanner (Version: 1)
6 comment(s)

Here at the ISC we provide access to a number of bits of data which can be used to dig into problems or even as an early warning system of unusual activity.  Well today's data has revealed a confounding one.  Port 62234, which traditionally has zero on near zero sources attempting to access it suddenly has hundreds of sources.

This port is not one I have seen as a target before, and none of my sources show any traffic on this port. A check of Shodan shows only 3 hits, and two of those appear to be BitTorrent related.  I am at a loss.  If any of you has further information,  firewall logs, or better yet, packet captures of this activity it would be appreciated if you could send it over for analysis.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - - Twitter:namedeplume (Protected)

Keywords: 62234
6 comment(s)
Diary Archives