[Intrusions] unusual activity on IP based ports?
Joel Esler
eslerj at gmail.com
Wed Aug 3 12:52:39 GMT 2005
Very very possible. I can't mention the name of the malware or any more
details, but I would get some actual tcpdumpped packets and submit them in
here.
J
On 8/2/05, man at tfhs.net <man at tfhs.net> wrote:
>
> i have 3 boxes on same subnet on internet. each box is probed a couple
> times per day on a single port from 2 or 3 machines. the interesting thing
> is that the port is different for each of my hosts, but always consistent
> on that host from one day to the next.
>
> any chance someone has seen some malware that hashes the IP its probing to
> come up with a unique port?
>
> allan
>
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
More information about the Intrusions
mailing list