Question6
Question N6
• Any unidentified/anomalous traffic observed? Please suggest a hypothesis for why it is there and what it indicates.
Anomalous Traffic Observed
• DailyFeb3 - Traffic spikes spotted from DetailGraph
• DstPort5 - 217.219.118.194
• DstPort2
• DstPort18 - 81.196.129.x
• DstPort113 - identd.... but NOT always....
• 127.0.0.1 - Strange Packets from localhost - Related to a bad workaround against Blaster
• Spoofed - 192.168.0.0
• DstPort1051
• DstPort3184
• SrcDstPort137
• DstPort3184 - strange scan pattern noted while looking at port 3184, which in turn was contacted from a honeypot as seen in OutgSYN - maybe compromise
Extra Reference
• Timeline
• Investigations
• Question5 - Internet noise
• Question2 - Malware
• Question4 - Scans observed
• Question7 - Compromises