An observant reader reports that he is seeing a very noticeable increase in TCP scanning for port 4899 and our dshield data confirms an uptick. Port 4899 is the default port for the Radmin tool, which is a windows-based computer remote-control package. According to his data, the scans are mostly originating from Spanish-speaking South American countries. We don't have confirmation that the attackers are looking for Radmin, so if you have some packet captures please upload them and we can take a look. Handler: Kyle Haugsness |
Kyle 112 Posts |
Subscribe |
Jun 24th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!