Large increase in port 32772 activity

From: Christopher Harrington (cmh_at_nmi.net)
Date: 12/29/03

  • Next message: Jeff Kell: "Re: Large increase in port 32772 activity" 
    To: <incidents@securityfocus.com>
Date: Mon, 29 Dec 2003 10:00:09 -0500

    All,

    Several of our customers are seeing very significant increase in port
    32772 activity. They are single packets of which I do not have the size.
    One customer had over 1500 different hosts sending a single packet to
    32772 in a 6 hour period. The vast majority of those hosts were probably
    zombies since they were Verizon DSL, Comcast, AT&T ip addresses. I know
    spammers look for 32772 to be open because Checkpoint can use this port
    for SMTP.

    Anyone else seeing this?

    Thanks, 

    -- 
Christopher Harrington, CISSP
Senior Engineer
NMI InfoSecurity Solutions
(207) 780-6381, x236
http://www.nmi.net

  • Next message: Jeff Kell: "Re: Large increase in port 32772 activity"

    Relevant Pages

    • Re: Large increase in port 32772 activity
      ... > Several of our customers are seeing very significant increase in port ... They are single packets of which I do not have the size. ... Ports 32770-32789 are technically "RPC Loopback" ports. ...
      (Incidents)
    • Re: Linksys VOIP Modem 2102 on Tranzeo wireless
      ... For two customers, it's certainly overkill. ... at the cable end needs to be port forwarded. ... Each router will need to be setup with port ... the identical Linksys VoIP boxes, with the same VoIP service provider, ...
      (alt.internet.wireless)
    • RE: Port 608/trojan/spam
      ... "Last week I received spam complaints against 4 different customers, ... The only similarity ... I could find was port 608 open on each user's machine. ... For more information on this free incident handling, ...
      (Incidents)
    • POTS in charge again
      ... to maintain quality of service for all of our customers, ... today we shall block port 8181 because it ... On Friday, the 13th, we shall be blocking port 13. ...
      (uk.telecom.broadband)
    • Re: Inquirer on VMS support outsourcing to India
      ... We are asking for a port of VMS to IA32e; or some chip based on the IA32e ... either made by Intel or AMD.). ... (The feedback from customers around the proposal back then was basically negative, too, based on my recollection of the many customers that spoke at the Birds of a Feather meeting on the topic of open-sourcing it. ... An Intel 8086 16-bit port is basically not possible -- not and have the outcome of the effort look even remotely like an OpenVMS system, nor to have the results perform at anything better than decades-back glacial speeds. ...
      (comp.os.vms)