WTF tcp port 81
I don't know what of our tools you, our readers, use on a regular basis, but one of the things, I like to look at first when I login to isc.sans.edu is the Top 10 Ports by Unique Sources chart. This suggests coordinated (think botnets) scanning. So, I was really shocked to see port 81 had jumped up to 2nd position just behind all the Mirai-ish port 23 scanning. Take a look at the port 81 chart. If any of our readers have any insight into what is going on here since 16 Apr, plase let us know.
---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
I'll be teaching FOR610 in June, Sept, and Oct. See my schedule here: https://www.sans.org/instructors/jim-clausing
Keywords: scanning tcp port 81
6 comment(s)
My next class:
LINUX Incident Response and Threat Hunting | Online | Japan Standard Time | Oct 21st - Oct 26th 2024 |
×
Diary Archives
Comments
Anonymous
Apr 23rd 2017
7 years ago
- Joel Hilke
Anonymous
Apr 24th 2017
7 years ago
Anonymous
Apr 24th 2017
7 years ago
Anonymous
Apr 25th 2017
7 years ago
It is a new IOT botnet reported by netlab from 360 company.
More info below.
http://blog.netlab.360.com/a-new-threat-an-iot-botnet-scanning-internet-on-port-81-en/
Anonymous
Apr 25th 2017
7 years ago
Anonymous
Apr 25th 2017
7 years ago