Reviewing the dashboards at the ISC today revealed an anomaly on port 2580. Over the last couple days the number of sources probing for port 2580 has increased by nearly 600x from near none historically.
While this port is officially allocated to a service called Tributary, development software created by Bristol Technology, I can't find any sign that Bristol or the Tributary software are still in existence (Bristol was purchased by HP in 2007).
Shodan shows a number of different services listening on this port. The most common one is a free Universal Plug and Play (UPnP) server called redsonic which looks like it may be used in Google Chromecast, but is also commonly used in torrent applications.
If anybody has any more information, or packet traces that would enlighten me on what may be going on here please contact us through the ISC contact page
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
Feb 10th 2018
1 year ago