Monday, September 15, 2008

Surge in portscanning for tcp/32709

Since Saturday, my firewall logs show a tremendous surge (>1000x normal volume) in portscans for TCP port 32709. The scans all originate from Asia Pacific IP-ranges. If any reader has a suggestion as to what might be the cause of it, please drop me a line!



Traffic patterns look like this:



60.0.228.175: 3526 -> 32709 [TCP]
60.0.228.175: 4459 -> 32709 [TCP]
60.0.228.175: 3435 -> 32709 [TCP]
60.0.228.175: 4871 -> 32709 [TCP]
60.0.228.175: 3667 -> 32709 [TCP]
60.0.228.175: 4459 -> 32709 [TCP]
60.0.228.175: 3603 -> 32709 [TCP]
60.0.228.175: 3435 -> 32709 [TCP]
60.0.228.175: 3721 -> 32709 [TCP]
60.0.228.175: 4459 -> 32709 [TCP]
60.0.228.175: 3721 -> 32709 [TCP]
60.0.228.175: 3667 -> 32709 [TCP]
60.0.228.175: 3526 -> 32709 [TCP]
60.0.228.175: 3435 -> 32709 [TCP]
60.0.228.175: 3526 -> 32709 [TCP]
60.0.228.175: 3603 -> 32709 [TCP]
60.0.228.175: 3667 -> 32709 [TCP]
60.0.228.175: 4871 -> 32709 [TCP]
60.0.228.175: 3603 -> 32709 [TCP]

The dshield port report also seems to depict an upwards trend in scans for this port.
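An added example, not from the original post: a small Python parser for log lines in the format shown above. It counts hits per destination port and collapses repeated source-port entries, which this sketch assumes are retries of one connection attempt. The `surging` helper and its baseline input are hypothetical; the default factor of 1000 mirrors the figure quoted in the post.

```python
import re
from collections import Counter, defaultdict

# First ten lines of the excerpt in this post.
SAMPLE = """\
60.0.228.175: 3526 -> 32709 [TCP]
60.0.228.175: 4459 -> 32709 [TCP]
60.0.228.175: 3435 -> 32709 [TCP]
60.0.228.175: 4871 -> 32709 [TCP]
60.0.228.175: 3667 -> 32709 [TCP]
60.0.228.175: 4459 -> 32709 [TCP]
60.0.228.175: 3603 -> 32709 [TCP]
60.0.228.175: 3435 -> 32709 [TCP]
60.0.228.175: 3721 -> 32709 [TCP]
60.0.228.175: 4459 -> 32709 [TCP]
"""

# Tolerates the variable spacing seen in real log output.
LINE_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):\s*(\d+)\s*->\s*(\d+)\s*\[(\w+)\]\s*$")

def parse(text):
    """Yield (src_ip, src_port, dst_port, proto); skip lines that do not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), int(m.group(3)), m.group(4)

def summarize(text):
    """Per (proto, dst_port): raw hits, distinct attempts, distinct sources."""
    # Assumption: a repeated (src, sport) pair is a retry, not a new probe.
    hits, pairs = Counter(), defaultdict(set)
    for src, sport, dport, proto in parse(text):
        hits[(proto, dport)] += 1
        pairs[(proto, dport)].add((src, sport))
    return {k: {"hits": hits[k],
                "attempts": len(pairs[k]),
                "sources": len({s for s, _ in pairs[k]})} for k in hits}

def surging(current, baseline, factor=1000):
    """Keys whose hits exceed factor x baseline; unseen keys use a floor of 1."""
    return sorted(k for k, v in current.items()
                  if v["hits"] > factor * max(baseline.get(k, 0), 1))

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE).items():
        print(key, stats)
```

Feeding `summarize` a full day's log and comparing it against the previous week's per-port counts separates a genuine surge from one noisy host retrying the same few connections.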


