We're looking for any info or packets that target port 51616. After witnessing a spike yesterday on his network and checking that our port data [1] corroborated his event, Andrew has written in asking what we know. The most useful snapshot of port activity can be seen in this graph image. I ran the graphs as far back as 2006 and nothing more signifcant was illustrated. The image below highlights yesterdays events as well as a more curious spike back in March. These counts do not seem very significant at first look, but they could clearly be telling us something.
So drop us a comment to share what you know. We're interested to attribute this traffic to something useful. [1] https://isc.sans.edu/port.html?port=51616
|
Kevin Shortt 85 Posts ISC Handler May 19th 2013 |
Thread locked Subscribe |
May 19th 2013 7 years ago |
I've seen a number of snort hits for this sig.
ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack! Source port 8089, Dest port 51616 The majority of the IPs are associated with Malware, Proxies, Tor and Bruteforce SSH. |
Anonymous |
Quote |
May 19th 2013 7 years ago |
Sign Up for Free or Log In to start participating in the conversation!