Port 2968 big rise - related to Symantec AV?
Port 2968 is getting quite a jump recently. Take a look at the graph below.
We suspect the jump is due to the recent Symantec AV 10.1 exploitation. The previous exploits generally hit on port 2967 since that's the port that Symantec AV listens on (for Windows). According to documentation from Symantec, port 2968 is only used for AV running on Netware servers. We are not sure at this point whether the attackers are targeting Netware server since other hosts have all been exploited already or if Symantec AV listens on port 2968 as a backup port. If you have any info on the port 2968 traffic, please let us know.
Keywords:
1 comment(s)
My next class:
Cloud Security for Leaders | Washington | Dec 13th - Dec 17th 2024 |
×
Diary Archives
Comments
Anonymous
Oct 4th 2015
9 years ago