Hi There
Just wanted to find out if customers or partners are picking up several port scans (UDP ports specifically), triggered from SEP IPS, with the source of the attack mostly being the domain controllers?
The concern I have is that I do not want to exclude them, as it may be an indication the domain controller has been compromised, and I know the customer has been heavily infected with Backdoor malware (Houdini variant) - Backdoor VBS Dunihi
I have tried to research whether a Domain Controller would try to connect to machines' UDP ephemeral port ranges for any reason and cannot find anything saying this is normal behavior?
Also, should I then create a rule to block these port scans? Port seems to change?
Somebody is scanning your computer. Your computer's UDP ports: 49445, 51127, 60636, 58704 and 50265 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 53920, 62047, 55332, 54978 and 50907 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 54428, 62216, 62220, 61492 and 61493 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 55052, 62236, 65532, 49722 and 59798 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 55091, 57318, 58272, 51649 and 52590 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 55509, 52103, 52745, 53160 and 54755 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 57445, 52315, 56399, 55822 and 60884 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 58504, 59305, 53659, 53660 and 57445 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 59704, 57510, 57509, 58171 and 57511 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 60486, 60487, 60488, 53581 and 61609 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 60777, 60778, 62762, 62763 and 53026 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 61079, 56231, 60803, 50195 and 53559 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 62415, 61589, 61590, 54034 and 57220 have been scanned from |
Somebody is scanning your computer. Your computer's UDP ports: 63520, 63519, 63521, 58988 and 57536 have been scanned from |
Don't know if anyone else is experiencing this?
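
For triage of alerts like the ones quoted above, the following added example (not part of the original post, and not Symantec code) parses the alert text, groups it by source and protocol, and reports which flagged ports fall outside the Windows default dynamic port range (49152-65535). The source address 192.0.2.10 is a constructed placeholder, since the quoted lines end at "from", and the function names are my own.

```python
import re
from collections import defaultdict

# Windows default dynamic (ephemeral) port range since Vista / Server 2008.
DYNAMIC_RANGE = range(49152, 65536)

ALERT_RE = re.compile(
    r"Your computer's (?P<proto>UDP|TCP) ports?: (?P<ports>[\d, and]+?) "
    r"have been scanned from\s*(?P<src>[0-9A-Fa-f.:]*)"
)

# Alert text as quoted in the post; the source address 192.0.2.10 is a
# constructed placeholder (the post's lines stop after "from").
SAMPLE = """\
Somebody is scanning your computer. Your computer's UDP ports: 49445, 51127, 60636, 58704 and 50265 have been scanned from 192.0.2.10
Somebody is scanning your computer. Your computer's UDP ports: 60486, 60487, 60488, 53581 and 61609 have been scanned from 192.0.2.10
Somebody is scanning your computer. Your computer's UDP ports: 57445, 52315, 56399, 55822 and 60884 have been scanned from 192.0.2.10
"""

def parse_alerts(text):
    """Yield (proto, source, [ports]) for each port-scan alert found in text."""
    for m in ALERT_RE.finditer(text):
        ports = [int(p) for p in re.findall(r"\d+", m["ports"])]
        # Alerts whose source was cut off are grouped under "unknown".
        yield m["proto"], m["src"] or "unknown", ports

def summarize(text):
    """Per (source, proto): alert count, distinct ports, ports outside the dynamic range."""
    stats = defaultdict(lambda: {"alerts": 0, "ports": set()})
    for proto, src, ports in parse_alerts(text):
        entry = stats[(src, proto)]
        entry["alerts"] += 1
        entry["ports"].update(ports)
    report = {}
    for key, entry in stats.items():
        outside = sorted(p for p in entry["ports"] if p not in DYNAMIC_RANGE)
        report[key] = {
            "alerts": entry["alerts"],
            "distinct_ports": len(entry["ports"]),
            "outside_dynamic_range": outside,
        }
    return report

if __name__ == "__main__":
    for (src, proto), result in summarize(SAMPLE).items():
        print(src, proto, result)
```

Feeding it the full exported alert text shows per source whether every flagged port sits in the dynamic range or whether well-known service ports are also being touched.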