Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: SSH scans, source port 80? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
SSH scans, source port 80?

Got an email today from a reader named Justin (thank you Justin) who asks us if we have seen alot of SSH scans with a source port of 80 before.  Of course, the answer is yes, but only in test cases!

I've never actually seen this take place on the internet, (well, yes, I have, but very very rarely), and of course I can cause it with certain nmap settings.  But this kind of scanning isn't commonplace, afaik, to an automated tool or script kiddie run. 

Any information that anyone could provide so that we can help out Justin, and of course the rest of the readers of the Internet Storm Center would be much appreciated.  Please write in via that Contact link at the top of our home page.  Thank you.

--

Joel Esler

http://www.joelesler.net

Joel

454 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!