Port 12345 / NAT fingerprint

Published: 2004-02-04. Last Updated: 2004-02-04 23:04:32 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
Port 12345


We noticed an increase in the targets and records of port 12345. While the source number is still stable, this traffic is considered suspicious.
The graph of this activity can be found here: http://www.dshield.org/port_report.php?port=12345

We are requesting some packet dumps of this activity. Tcpdump/Windump format is preferable.





NAT devices fingerprint


A request for data was posted today at the Intrusions List.
Johannes Ullrich, ISC's CTO is requesting help to
fingerprinting various NAT devices based on source ports.


If you have a NAT device, please hit this page:
http://isc.sans.org/nattest.html

It will tell you the source port, and allow you to fill in
the NAT device you use to have it emailed to ISC database.

-------------------------------------------------------------------------------

Handler on duty: Pedro Bueno
Keywords:
0 comment(s)

Comments


Diary Archives