Ronen,
Ports 1025-1028 are "special" ports and alternatives for ports under <=
1024 in some operating systems (and might still be run by root). Port
2323 is often used as a "Telnet alternative." It's also possible that
compromised IoT machines were commanded to open services on those ports.
I noted in an earlier email that I had netflow data...those ports came
up very often...and were blocked by my device.
Have you observed anything from your node?
- Lynwood
Could you explain what 1025-1028 and 2323 are used for? I haven't found their use on the
net.