Port 8909 Spike
One of our readers noticed a spike in activity recently with regard to port 8909 which can be seen at Dshield. However, we do not have any idea what was causing this. Anyone have any packets or information with regard to this recent trend? Please take a look at your netflows, or other packet captures and lets see if we can answer this question.
Update 1:
It appears that this one was perhaps easy to figure out. Per www.proxynova.com/proxy-server-list/port-8909/ and mrhinkydink.blogspot.com/2011/08/tcp-port-8909-proxies.html there appears to be a number of proxy servers in China (and elsewhere) which may be using this port. One explanation for the spike may be related to individuals trying to find proxy servers which can be exploited.
Scott Fendley ISC Handler
Comments
JAB_au
Aug 31st 2011
1 decade ago
Mike
Aug 31st 2011
1 decade ago
Al of Your Data Center
Aug 31st 2011
1 decade ago
Steven
Aug 31st 2011
1 decade ago