Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Port 8443 Spike

Published: 2006-05-04
Last Updated: 2006-05-04 23:43:18 UTC
by Dan Goldberg (Version: 1)
0 comment(s)
There is a recent spike in TCP port 8443  Any one have any details on what this traffic might be? Packets with payload would be great!

Many readers have written in commenting on what products use this TCP port.
This is a pretty sizable spike. It ispossible that there is some new exploit or scanning tool  being used. That is what I am looking for evidence of.

Okay we have a good handle on the products using port 8443:
Some web portal software
Alternate ssl port
Web app backend products
A backup package

The question still remains: what is the cause of the spike? It is legitimate traffic or malicious?
0 comment(s)
Diary Archives