[SANS ISC] DShield Data Analysis: Taking a Look at Port 45740 Activity, (Thu, Jun 3rd)

At the SANS Internet Storm Center (ISC), handlers frequently analyze data submitted by DShield participants to determine activity trends and potential attacks. A few days ago, on May 31st, I observed a small anomaly for port 45740 and decided to monitor it for the next 3 days or so. There was a huge spike in the number of sources/day and reports/day recorded on May 31st, as shown in Figure 1.

Figure 1: Port 45740 Activity (Taken June 1, 2021)

I did not receive any probes on this port on my sensors, but after digging into the DShield data, I observed that the reported traffic to port 45740 was sent via UDP.

Over the next few days (until June 3, 2021), the number of sources/day and reports/day dropped drastically compared to May 31 (see Figure 2). A check on Censys and Shodan did not yield any interesting findings, although there were some mentions of Distributed Hash Table (DHT) along with some IP addresses paired with port 45740.

Figure 2: Port 45740 Activity (Taken June 3, 2021)
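As an added example (not part of this diary or of DShield's own tooling), the two checks described above applied to constructed data: a day is flagged when its sources/day count exceeds a multiple of the trailing median, and constructed firewall records in a DShield-style submission layout are tallied by IP protocol for the port of interest. The record layout, the threshold and all counts are assumptions.

```python
from statistics import median
from collections import Counter

# Constructed (date, sources/day, reports/day) counts for one port; not real DShield data.
DAILY = [
    ("2021-05-25", 3, 5), ("2021-05-26", 2, 4), ("2021-05-27", 4, 6),
    ("2021-05-28", 3, 3), ("2021-05-29", 2, 5), ("2021-05-30", 4, 7),
    ("2021-05-31", 180, 2100),   # the constructed spike day
    ("2021-06-01", 15, 90), ("2021-06-02", 6, 11), ("2021-06-03", 4, 8),
]

def flag_spikes(daily, window=5, factor=5.0, min_sources=10):
    """Return the dates whose sources/day exceeds `factor` times the median of
    the previous `window` days. `min_sources` suppresses noise on quiet ports."""
    flagged = []
    for i in range(window, len(daily)):
        date, sources, _reports = daily[i]
        baseline = median(s for _, s, _ in daily[i - window:i])
        if sources >= min_sources and sources > factor * max(baseline, 1):
            flagged.append(date)
    return flagged

# Constructed records in an assumed DShield-style layout:
# date time tz userid count src sport dst dport proto [flags]
RECORDS = """\
2021-05-31 10:01:02 +00:00 0000 1 198.51.100.7 51234 192.0.2.10 45740 17
2021-05-31 10:01:05 +00:00 0000 1 198.51.100.9 40000 192.0.2.10 45740 17
2021-05-31 10:02:11 +00:00 0000 1 203.0.113.4 44444 192.0.2.10 22 6 S
2021-05-31 10:03:40 +00:00 0000 1 198.51.100.7 51234 192.0.2.11 45740 17
"""

PROTO_NAMES = {"6": "tcp", "17": "udp"}  # IP protocol numbers seen in the records

def protocol_breakdown(records, dport):
    """Count records aimed at `dport` by IP protocol, plus distinct source IPs."""
    by_proto, sources = Counter(), set()
    for line in records.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[8] != str(dport):
            continue
        by_proto[PROTO_NAMES.get(fields[9], fields[9])] += 1
        sources.add(fields[5])
    return dict(by_proto), len(sources)

if __name__ == "__main__":
    print("spike days:", flag_spikes(DAILY))            # ['2021-05-31']
    print("port 45740:", protocol_breakdown(RECORDS, 45740))  # ({'udp': 3}, 2)
```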

If anyone has any insights or information that could help shed light on this phenomenon, please comment down below, contact us via our contact page or e-mail us.

———–
Yee Ching Tok, ISC Handler

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

