|
madopal
|
 |
« on: November 19, 2007, 04:14:26 pm » |
|
You're right...most standard hacks hit the normal ports. If they're attacking the web, you see it on port 80. If they're attacking SSH, it's 22. This is the first time I've seen anything other than a SSH request on that port.
That's what I don't get. It seems like it would take too much time to comb all of those higher non-standard ports. So, that leads me to believe a) it was a mistake in their code, b) it was a mistake in their data (like my IP was a typo or something), or c) something else nonstandard runs on that port. I guess c is most likely...it's probably just luck, and they tried my machine to see if something was running there. If it was a common thing, I'd expect to have seen more GET's on that port, so it's probably some thing custom and I just came up on a warprobe or something.
|
|
|
|
|
|
|
|
