We are seeing a recent uptick in port 34567 for recent weeks. [1] I was curious, so I poked around to learn a few things. At this point, it appears it could be a century of some kind.. Admittedly, I do not know much about this port. After a little digging, I see a possible affinity to Fbot and Mirai or its variants. We have a Diary from Dr. J. on Mirai [2]. After some reading, I can not definitively tie this to Mirai or Fbot or something else just yet. However, in early 2019 there was a well publicized uptick in Fbot activity. [3] I went looking for data on ports that coincided with the early 2019 events from Fbot. I did find some correlation, but nothing purely consistent. By that I mean, all ports with ties to Fbot did not see a recent correlating spike. Some well known ports that showed activity back then for Fbot are TCP: port 80,port 81,port 88, port 8000 and port 8080. Some of these have correlating spikes of late. See some pics below.
Looking at these three graphs only, one could infer there were less infected hosts in early 2019. The recent uptick shows a more equal distribution of sources and targets. This can mean there are more infected hosts and possibly a new campaign has begun. I invite you all to comment and share what you may know of this observation. |
Kevin Shortt 85 Posts ISC Handler Jul 26th 2019 |
Thread locked Subscribe |
Jul 26th 2019 2 years ago |
So I just looked this up on Shodan (port:34567) and port 34567 seems to correspond with nginx but mainly DHT: https://en.wikipedia.org/wiki/Distributed_hash_table Shodan shows results from five countries and five organizations: Russian Federation (7), Greece (7), Hong Kong (3), Canada (3), and the US (2) Orgs = OTEnet S.A. (5), Ziggo (2), Vodafone DSL (1), Vetta Online (1) and UPC Magyarorszag (1) Also interesting is top products listed as Ubiquiti Networks Device (3)
|
rand0m 8 Posts |
Quote |
Jul 26th 2019 2 years ago |
Hi ,
just for curiosity !! may i know which tools you are using to see the port activity? is it snort or some other specialize customize tools ? |
arun 2 Posts |
Quote |
Jul 29th 2019 2 years ago |
Sign Up for Free or Log In to start participating in the conversation!