Skynet source port 52599


agilani

Very Senior Member
I noticed something interesting. Almost 90+ percent of all inbound traffic blocked is using source port 52599. Not sure why this would be unless they are mostly using the same toolset? And does this mean that by just blocking incoming source port 52599 I can block a whole lot of malicious traffic? I'm sure it may block some legitimate traffic outbound that may be sourced from the same port, but you should be able to apply it to inbound traffic only. Now I wish I had realtime flow data to analyze this.

 

agilani

Very Senior Member
Thanks. Where are you located? Maybe the attack vectors are different for different geographies? It's tempting to install Graylog again and feed all flow data and see if there is a pattern.
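
One way to look for the pattern discussed above without a flow collector, as an added example that is not part of the thread or of Skynet's own code: profile blocked inbound log lines by source port, counting distinct source addresses and distinct targets per port. The `[BLOCKED - INBOUND]` tag, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

INBOUND_TAG = "[BLOCKED - INBOUND]"  # assumed log prefix, not taken from the thread
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed netfilter-style LOG lines using documentation address ranges.
SAMPLE_LOG = """\
Dec 18 10:01:02 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=52599 DPT=3389 SYN
Dec 18 10:01:09 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.22 DST=203.0.113.5 PROTO=TCP SPT=52599 DPT=23 SYN
Dec 18 10:01:15 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=192.0.2.91 DST=203.0.113.5 PROTO=TCP SPT=52599 DPT=8080 SYN
Dec 18 10:01:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=52599 DPT=445 SYN
Dec 18 10:02:04 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=192.0.2.14 DST=203.0.113.5 PROTO=TCP SPT=44321 DPT=22 SYN
Dec 18 10:02:40 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=192.0.2.50 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Dec 18 10:03:11 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=192.0.2.77 PROTO=TCP SPT=52599 DPT=443 SYN
"""

def parse_line(line, tag=INBOUND_TAG):
    """Return the KEY=value fields of one tagged inbound line, or None."""
    if tag not in line:
        return None  # outbound or unrelated kernel message
    fields = dict(FIELD.findall(line))
    if "SPT" not in fields or "SRC" not in fields:
        return None  # ICMP and similar carry no source port
    return fields

def source_port_profile(log_text):
    """Per source port: hits, share of port-bearing drops, distinct sources and targets."""
    hits, srcs, targets = defaultdict(int), defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        spt = int(f["SPT"])
        hits[spt] += 1
        srcs[spt].add(f["SRC"])
        targets[spt].add((f.get("PROTO"), f.get("DPT")))
    total = sum(hits.values())
    rows = [{"spt": p, "hits": n, "share": n / total,
             "sources": len(srcs[p]), "targets": len(targets[p])}
            for p, n in hits.items()]
    return sorted(rows, key=lambda r: r["hits"], reverse=True)

if __name__ == "__main__":
    for row in source_port_profile(SAMPLE_LOG):
        print(row)
```

A high share spread over many distinct sources is what the shared-toolset guess would look like in this output; a high share from one or two sources is a single noisy scanner.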
 
