Security Incidents mailing list archives
Large increase in port 32772 activity
From: "Christopher Harrington" <cmh () nmi net>
Date: Mon, 29 Dec 2003 10:00:09 -0500
All,

Several of our customers are seeing a very significant increase in port 32772 activity. They are single packets of which I do not have the size. One customer had over 1500 different hosts sending a single packet to 32772 in a 6 hour period. The vast majority of those hosts were probably zombies since they were Verizon DSL, Comcast, AT&T IP addresses. I know spammers look for 32772 to be open because Checkpoint can use this port for SMTP.

Anyone else seeing this?

Thanks,

--
Christopher Harrington, CISSP
Senior Engineer
NMI InfoSecurity Solutions
(207) 780-6381, x236
http://www.nmi.net
Current thread:
- Large increase in port 32772 activity Christopher Harrington (Dec 29)
- Re: Large increase in port 32772 activity Jeff Kell (Dec 29)