Malware – New Satori variant may be creating TCP port 26 spikes
February 17th, 2021

Unusual, rare, and specialty TCP/IP ports are often used to sneak past relaxed firewall rules. SANS ISC reports a major spike in port 26 traffic.
More weirdness on TCP port 26 (sans.edu)
Port 26 (tcp/udp) :: SpeedGuide
A little over a year ago, I wrote a diary asking what was going on with traffic on TCP port 26. So, last week when I noticed another spike on port 26. Based on looking at my honeypot traffic, it looks like a possible new variant of Satori. I’m still not sure why they are expecting to find telnet on port 26, but this is what I’m seeing in the honeypot.