Honeypots mailing list archives

RE: Port 57572


From: "comandur" <comandur () comandur com>
Date: Thu, 26 Oct 2006 15:58:51 -0400

Thanks for the reply, however I don't think that would yield much since all
I would capture was the SYN packet...that information I already have in the
firewall log.
I could go ahead and forward the packets to a box and try to get more data,
but nothing is listening on that port so again, all I would get is the SYN
packet.
I was interested in finding out if anyone else was seeing this as well or
knew if there was a new trojan listening on this port...if not, I
will do the forwarding and try to set up a generic service to accept the
request and see what it captures.

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of stonfi () linuxmail org
Sent: Thursday, October 26, 2006 3:59 AM
To: comandur; honeypots () securityfocus com
Subject: Re: Port 57572



----- Original Message -----
From: comandur <comandur () comandur com>
To: honeypots () securityfocus com
Subject: Port 57572
Date: Wed, 25 Oct 2006 17:56:36 -0400


Hello All,

For the last couple weeks I have seen thousands of inbound connection
attempts from all over the net to port 57572 (TCP and UDP)

Anyone else seeing these?  Any idea what is going on?

Thanks



hello,

use tcpdump to capture what circulates.

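The "generic service" idea from the reply at the top of this thread, sketched as an added example that is not from any poster: a listener that completes the TCP handshake (or takes a UDP datagram) on port 57572 and records the first bytes the sender transmits, which a SYN-only firewall log or a tcpdump against a closed port cannot show. The function names and the record layout are assumptions made for illustration.

```python
import json
import selectors
import socket
import time

PORT = 57572  # port discussed in the thread


def open_listeners(host="0.0.0.0", port=PORT):
    """Bind a TCP and a UDP socket to the same port number."""
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    tcp.bind((host, port))
    tcp.listen(64)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((host, tcp.getsockname()[1]))
    return tcp, udp


def capture_once(tcp, udp, timeout=30.0, max_bytes=4096):
    """Wait for one connection or datagram; return a log record or None."""
    sel = selectors.DefaultSelector()
    sel.register(tcp, selectors.EVENT_READ)
    sel.register(udp, selectors.EVENT_READ)
    try:
        events = sel.select(timeout)
    finally:
        sel.close()
    if not events:
        return None
    if events[0][0].fileobj is udp:
        proto = "udp"
        data, peer = udp.recvfrom(max_bytes)
    else:
        proto = "tcp"
        conn, peer = tcp.accept()  # handshake is already complete here
        with conn:
            conn.settimeout(timeout)
            try:
                data = conn.recv(max_bytes)  # never reply, only read
            except OSError:
                data = b""  # peer connected but sent nothing, or reset
    return {"ts": time.time(), "proto": proto, "src": peer[0],
            "sport": peer[1], "payload_hex": data.hex()}


if __name__ == "__main__":
    tcp_sock, udp_sock = open_listeners()
    while True:
        record = capture_once(tcp_sock, udp_sock)
        if record:
            print(json.dumps(record), flush=True)
```

Run it on the isolated box the traffic is forwarded to; each JSON line can then be grouped by `payload_hex` to see whether the sources are sending the same first message.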

