What's new

Skynet Skynet source port 52599

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

agilani

Very Senior Member
I noticed something interesting. Almost 90+ percent of all inbound traffic blocked is using source port 52599. Not sure why this would be unless they are mostly using the same toolset? And does this mean that by just blocking incoming source port 52599 I can block a whole lot of malicious traffic? I'm sure it may block some legitimate traffic outbound that may be sourced from the same port, but you should be able to apply it to inbound traffic only. Now i wish i had realtime flow data to analyze this.

1608308596025.png
 
Thanks. Where are you located? maybe the attack vectors are different for different geographies? its temping to install graylog again and feed all flow data and see if there is a pattern.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top