[Dshield] port 11768
Brance Amussen :)_S
brance at jhu.edu
Wed Jan 12 16:22:49 GMT 2005
Can you post or email a capture of a conversation of one of these IP's?
The reason I ask is this sound almost exactly what I am seeing on a
different port, 1-4 packets per IP average of 2. But the port I am seeing
this on is 58939, and UDP, but just like the port 11768 I find nothing
online except the archives of these posts..
May be a shot in the dark, but it isn't odd for a worm/virus etc to use any
of the unassigned high number ports, so it could be the same thing...
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Henry Hertz Hobbit
Sent: Tuesday, January 11, 2005 4:01 PM
To: list at lists.dshield.org
Subject: [Dshield] port 11768
What is up with this port? Nobody seems to have anything on it anywhere,
yet the majority of things bouncing off my WAN port are now directed at
11768. If it were a worm it seems like Symantec or somebody would know
about it. So far I can't seem to find any reference to it.
I get 1-4 packets per IP, with the average being 2. Since it is an
unassigned port I am rather reluctant to ask about it. It may just be an
anomaly that only I am seeing.
-------------- Sponsor Message ------------------------------------
SANS Intrusion Immersion Training: Orlando, FL, February 3-9th
send all posts to list at lists.dshield.org To change your subscription options
(or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list