Port 8909 Spike

Published: 2011-08-31. Last Updated: 2011-08-31 04:14:06 UTC
by Scott Fendley (Version: 2)
4 comment(s)

One of our readers noticed a recent spike in activity on port 8909, which can be seen at DShield. However, we do not have any idea what was causing this. Does anyone have any packets or information regarding this recent trend? Please take a look at your netflows or other packet captures, and let's see if we can answer this question.

 

Update 1:

It appears that this one was perhaps easy to figure out. Per www.proxynova.com/proxy-server-list/port-8909/ and mrhinkydink.blogspot.com/2011/08/tcp-port-8909-proxies.html, there appear to be a number of proxy servers in China (and elsewhere) which may be using this port. One explanation for the spike may be individuals trying to find proxy servers which can be exploited.

 

Scott Fendley, ISC Handler
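One way to answer the diary's request from your own flow data, as an added example that is not part of the original diary: summarize inbound TCP flows to port 8909 per source, separate SYN-only sweeps from completed handshakes, and list local hosts that actually answered on the port. The CSV layout, the `summarize_port` function and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow export, not real traffic. The column layout is an
# assumption; addresses come from the RFC 5737 documentation ranges.
# "flags" is the union of TCP flags the source sent during the flow.
SAMPLE_FLOWS = """\
start,src,dst,proto,dport,flags
2011-08-30T22:01:04Z,203.0.113.7,192.0.2.10,tcp,8909,S
2011-08-30T22:01:04Z,203.0.113.7,192.0.2.11,tcp,8909,S
2011-08-30T22:01:05Z,203.0.113.7,192.0.2.12,tcp,8909,S
2011-08-30T22:01:05Z,203.0.113.7,192.0.2.13,tcp,8909,S
2011-08-30T22:14:40Z,198.51.100.23,192.0.2.11,tcp,8909,SAPF
2011-08-30T22:15:02Z,198.51.100.23,192.0.2.11,tcp,8909,SAPF
2011-08-30T22:20:00Z,198.51.100.40,192.0.2.10,tcp,443,SAPF
2011-08-30T22:21:00Z,198.51.100.40,192.0.2.10,udp,8909,
"""

def summarize_port(flow_csv, port=8909, scan_threshold=3):
    """Return (per-source summary, destinations that answered) for TCP `port`."""
    per_src = defaultdict(lambda: {"dsts": set(), "flows": 0, "established": 0})
    answered = set()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "tcp" or int(row["dport"]) != port:
            continue
        entry = per_src[row["src"]]
        entry["dsts"].add(row["dst"])
        entry["flows"] += 1
        # SYN plus a later ACK from the source means it received a SYN-ACK,
        # so something at the destination is listening on this port.
        if {"S", "A"} <= set(row["flags"].upper()):
            entry["established"] += 1
            answered.add(row["dst"])
    summary = {}
    for src, e in per_src.items():
        summary[src] = {
            "flows": e["flows"],
            "distinct_dsts": len(e["dsts"]),
            "established": e["established"],
            # Many destinations, SYN only: sweep-like rather than a real client.
            "scan_like": len(e["dsts"]) >= scan_threshold and e["established"] == 0,
        }
    return summary, sorted(answered)

if __name__ == "__main__":
    summary, answered = summarize_port(SAMPLE_FLOWS)
    for src, info in sorted(summary.items()):
        print(src, info)
    print("hosts that completed a handshake on 8909:", answered)
```

Any address in the second return value is a local host that accepted a connection on 8909 and is worth checking against your inventory of intended services.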


Comments

Possibly looking for open proxies http://mrhinkydink.blogspot.com/2011/08/tcp-port-8909-proxies.html
Yes, I have noticed this too. My firewall has been getting a lot of weird ports from China IP addresses over the last 48 hours, everything from 80 to 443 to 1093, and just the last port was 21701.
Port probes and all-out port scans are ramping up from all over. Not just China. It looks like someone needs a bigger bot-net. I would assume that a big sale is in the underground pipes right now. I have also seen a lot of virus-laden emails being caught by my servers. Everything from speeding tickets to files that just say "for your review". Summer vacation is over. The little critters are back to work.
I might half guess that this may be a response to the SSL debacle. The market for funky routes just got big.
