
SANS ISC: Port 51616 - Got Packets? - SANS Internet Storm Center SANS ISC InfoSec Forums


Port 51616 - Got Packets?

We're looking for any info or packets that target port 51616. After witnessing a spike yesterday on his network and checking that our port data [1] corroborated his event, Andrew has written in asking what we know.

The most useful snapshot of port activity can be seen in this graph image. I ran the graphs as far back as 2006 and nothing more significant was illustrated. The image below highlights yesterday's events as well as a more curious spike back in March. These counts do not seem very significant at first look, but they could clearly be telling us something.

[Graph: Port 51616 - Mar 2013 to May 2013]

So drop us a comment to share what you know. We're interested in attributing this traffic to something useful.

[1] https://isc.sans.edu/port.html?port=51616

 

Kevin Shortt

ISC Handler
I've seen a number of snort hits for this sig.

ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack!

Source port 8089, Dest port 51616

The majority of the IPs are associated with Malware, Proxies, Tor and Bruteforce SSH.
Anonymous
