8080) as displayed in Figure Two (2). Note that the number of events targeting each port is
roughly equal:
Figure Two (2): 218.77.79.43 destination port breakdown, August 2014
The observed activity indicates that multiple timed, ongoing scans were occurring, with
overlapping activity on the other targeted ports. The scans occurred over a six-hour interval, with
subsequent bursts detected a few hours later.
Figure Three (3) shows a detailed view of the targeted destination ports below 1024, which
display distinct patterns:
Figure Three (3): Destination Ports below 1024, August 2014
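An added example, not part of the original article: one way to reproduce the per-port breakdown and the scan-burst grouping described above from firewall events. The log format, the sample events, the ports other than 8080 and the three-hour gap threshold are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

SRC = "218.77.79.43"  # source IP discussed in the article

# Constructed sample events (timestamp, src, dst_port); not the article's data.
SAMPLE_LOG = """\
2014-08-01T01:00:00 218.77.79.43 8080
2014-08-01T01:00:05 218.77.79.43 3128
2014-08-01T02:30:00 218.77.79.43 22
2014-08-01T02:30:10 218.77.79.43 8080
2014-08-01T04:15:00 218.77.79.43 80
2014-08-01T06:45:00 218.77.79.43 3128
2014-08-01T11:00:00 218.77.79.43 22
2014-08-01T11:00:20 218.77.79.43 80
2014-08-01T11:05:00 203.0.113.9 8080
"""

def parse(log, src=SRC):
    """Return sorted (timestamp, dst_port) tuples for events from src."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != src:
            continue  # skip malformed lines and other sources
        events.append((datetime.fromisoformat(parts[0]), int(parts[2])))
    return sorted(events)

def port_breakdown(events, below=None):
    """Count events per destination port, optionally only ports < below."""
    return Counter(p for _, p in events if below is None or p < below)

def bursts(events, max_gap=timedelta(hours=3)):
    """Split events into bursts; a quiet gap longer than max_gap starts a new one."""
    groups = []
    for ts, port in events:
        if groups and ts - groups[-1][-1][0] <= max_gap:
            groups[-1].append((ts, port))
        else:
            groups.append([(ts, port)])
    return [(g[0][0], g[-1][0], len(g), sorted({p for _, p in g})) for g in groups]

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("all ports:", dict(port_breakdown(ev)))
    print("ports < 1024:", dict(port_breakdown(ev, below=1024)))
    for start, end, n, ports in bursts(ev):
        print(f"burst {start} -> {end} ({end - start}): {n} events, ports {ports}")
```

A near-equal count per port combined with bursts that repeat after a quiet gap is the pattern the figures describe; tune the gap threshold to the sensor's own event rate.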
Further investigation revealed that the IP 218.77.79.43 creating this activity had been the
subject of quite a bit of chatter and documentation across the Web. Researching the IP might
Cyber Warnings Magazine - September Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide