Large increase in port 32772 activity

From: Christopher Harrington (cmh_at_nmi.net)
Date: 12/29/03

    To: <incidents@securityfocus.com>
    Date: Mon, 29 Dec 2003 10:00:09 -0500
    
    
    

    All,

    Several of our customers are seeing a very significant increase in port
    32772 activity. They are single packets of which I do not have the size.
    One customer had over 1500 different hosts sending a single packet to
    32772 in a 6-hour period. The vast majority of those hosts were probably
    zombies since they were Verizon DSL, Comcast, AT&T IP addresses. I know
    spammers look for 32772 to be open because Checkpoint can use this port
    for SMTP.

    Anyone else seeing this?

    Thanks,

    -- 
    Christopher Harrington, CISSP
    Senior Engineer
    NMI InfoSecurity Solutions
    (207) 780-6381, x236
    http://www.nmi.net
    
    

