Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Port 8443 Spike

Published: 2006-05-04
Last Updated: 2006-05-04 23:43:18 UTC
by Dan Goldberg (Version: 1)
0 comment(s)
There is a recent spike in TCP port 8443 http://isc.sans.org/port_details.php?port=8443.  Any one have any details on what this traffic might be? Packets with payload would be great!

Update:
Many readers have written in commenting on what products use this TCP port.
This is a pretty sizable spike. It ispossible that there is some new exploit or scanning tool  being used. That is what I am looking for evidence of.

Okay we have a good handle on the products using port 8443:
ePO
Some web portal software
Alternate ssl port
Web app backend products
A backup package

The question still remains: what is the cause of the spike? It is legitimate traffic or malicious?
Keywords:
0 comment(s)
Diary Archives