
SANS ISC: Port 8909 Spike - SANS Internet Storm Center SANS ISC InfoSec Forums

Port 8909 Spike

One of our readers noticed a spike in activity recently with regard to port 8909, which can be seen at DShield. However, we do not have any idea what was causing this. Anyone have any packets or information with regard to this recent trend? Please take a look at your netflows or other packet captures, and let's see if we can answer this question.


Scott Fendley ISC Handler


191 Posts
ISC Handler
Aug 31st 2011
Possibly looking for open proxies
Yes, I have noticed this too. My firewall has been getting a lot of weird ports from China IP addresses over the last 48 hours, everything from 80 to 443 to 1093, and just the last port was 21701.
Port probes and all-out port scans are ramping up from all over. Not just China. It looks like someone needs a bigger bot-net. I would assume that a big sale is in the underground pipes right now. I have also seen a lot of virus-laden emails being caught by my servers. Everything from speeding tickets to files that just say "for your review". Summer vacation is over. The little critters are back to work.
Al of Your Data Center

80 Posts
I might half guess that this may be a response to the SSL debacle. The market for funky routes just got big.

42 Posts
