Last Updated: 2020-05-19 14:56:29 UTC
by Rick Wanner (Version: 1)
Here at the ISC we provide access to a number of bits of data which can be used to dig into problems or even as an early warning system of unusual activity. Well today's data has revealed a confounding one. Port 62234, which traditionally has zero on near zero sources attempting to access it suddenly has hundreds of sources.
This port is not one I have seen as a target before, and none of my sources show any traffic on this port. A check of Shodan shows only 3 hits, and two of those appear to be BitTorrent related. I am at a loss. If any of you has further information, firewall logs, or better yet, packet captures of this activity it would be appreciated if you could send it over for analysis.
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)