Honeypots mailing list archives
RE: Port 57572
From: "comandur" <comandur () comandur com>
Date: Thu, 26 Oct 2006 15:58:51 -0400
Thanks for the reply, however I don't think that would yeild much since all I would capture was the syn packet...that information I already have in the firewall log. I could go ahead and forward the packets to a box and try to get more data, but nothing is listening on that port so again, all I would get is the syn packet. I was interested in finding out if anyone else was seeing this as well or knew what if there was a new trojan listening on this port.....if not, I will do the forwarding and try to setup a generic service to accept the request and see what it captures.
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of stonfi () linuxmail org Sent: Thursday, October 26, 2006 3:59 AM To: comandur; honeypots () securityfocus com Subject: Re: Port 57572----- Original Message ----- From: comandur <comandur () comandur com> To: honeypots () securityfocus com Subject: Port 57572 Date: Wed, 25 Oct 2006 17:56:36 -0400 Hello All, For the last couple weeks I have seen thousands of inbound connection attempts from all over the net to port 57572 (TCP and UDP) Anyone else seeing these? Any idea what is going on? Thankshello, use tcpdump to capture what circulates. -- _______________________________________________ Get your free email from http://www.linuxmail.org Powered by Outblaze
Current thread:
- Port 57572 comandur (Oct 25)
- <Possible follow-ups>
- Re: Port 57572 stonfi (Oct 26)
- RE: Port 57572 comandur (Oct 26)