Read the original article: Attack traffic on TCP port 9673, (Fri, May 1st)
I don't know how many of you pay attention to the Top 10 Ports graphs on your isc.sans.edu dashboard, but I do. Unfortunately, the top 10 is pretty constant, the botnets are attacking the same ports. What I find more interesting is anomalous behavior. Changes from what is normal on a given port. So, a little over a week ago, I saw a jump on a port I wasn't familiar with.
Read the original article: Attack traffic on TCP port 9673, (Fri, May 1st)