All Questions
3
questions
0
votes
3
answers
900
views
Why would a legitimate application run on a non-standard port?
Among the many "threats", I see on my SIEM, a non-standard port is a top one. It's always been a false positive, but I don't understand why this happens frequently?
1
vote
0
answers
183
views
Machine reaching out to Microsoft IP address using NBTstat command
I have limited logs for this event but the IPS says its a NBTstat query outbound over UDP port 137 to a Microsoft owned IP address.
Should UDP 137 ever reach out externally?
This is about all the ...
2
votes
1
answer
467
views
Dealing with "trojan" ports
We have a SOC which "monitors" our network activity, it basically collects all logs from all our firewalls and creates reports.
We have a huge network with hundreds of servers and upto 2000 users, ...