Security Incidents mailing list archives

Large increase in port 32772 activity

From: "Christopher Harrington" <cmh () nmi net>
Date: Mon, 29 Dec 2003 10:00:09 -0500

All,

Several of our customers are seeing very significant increase in port
32772 activity. They are single packets of which I do not have the size.
One customer had over 1500 different hosts sending a single packet to
32772 in a 6 hour period. The vast majority of those hosts were probably
zombies since they were Verizon DSL, Comcast, AT&T ip addresses. I know
spammers look for 32772 to be open because Checkpoint can use this port
for SMTP. 

Anyone else seeing this?

Thanks,

-- 
Christopher Harrington, CISSP
Senior Engineer
NMI InfoSecurity Solutions
(207) 780-6381, x236
http://www.nmi.net

Attachment: smime.p7s
Description:

Current thread:

Large increase in port 32772 activity Christopher Harrington (Dec 29)
- Re: Large increase in port 32772 activity Jeff Kell (Dec 29)