Re: [44net] syn and such attacks on 44 net lately ?

12 Apr 2014


      Maiko,
I see mostly HTTP (tcp/80) RDP (tcp/3389), Telnet (tcp/23), DNS (udp/53) 
and ping (ICMP type 8), just common port scans on the net. Mostly 
Advansed Persistent Threat gangs looking for vunerable machines via 
already compromised devices. They've been prevalent on the Internet 
since Mandiant exposed the ongoing "cyberwar."
N1URO is correct, HTTPS probing was probably started when Heartbleed was 
announced...
...if you have records of connections before it was made public on April 
8th (as I recall), that information may be useful...you may have 
discovered someone who knew/exploited the HTTPS/OpenSSL threat pre zero-day.
-KB3VWG

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [44net] syn and such attacks on 44 net lately ?