I was looking at a curious uptick in traffic to TCP port 6881. What caught my eye was that it was a immediate uptick from almost nothing and it has been sustained over a couple of weeks. Also, the number of sources has risen significantly compared to the past year. Here’s what it looks like now:
Here’s what it looked like over the past year. Notice the number of sources/day, especially for the time frame above :
If anyone has any packets or ideas, please send them in!
Source: SANS Internet Storm Center, InfoCON: green @ March 2, 2017 at 10:00PM