I was onsite today with a client and they still use Scorpion Software’s Firewall Dashboard product to monitor their ISA 2004 server. The morning report came in and it showed that from some time yesterday there had been a massive increase in the attacks on their server. I dug a little deeper and found that the attacks were all destined for port 48195. I did some digging and found nothing out there at the moment, so I pinged a few security people I know (Susan Bradley and Dana Epp) – they too knew nothing.
From what I can see – the source IPs are all from different Aussie ISPs – it makes me suspect that there is some malware out there on infected machines that is trying to attack various hosts. Watch out for more on this as I find out.