The payload appears to indicate it is HTTP/2.0 and the protocol need to be updated with port TCP/3389 in order to parse the packet properly. These packets are from censys.io which is a site that provides internet discovery and inventory like Shodan. In my logs, the activity looked like this:Ģ0220822-014547: 192.168.25.9:3389-162.142.125.221:59430 data Handlers have published a few diaries over the years regarding this protocol. I have been getting these queries in my honeypot logs since end of December 2021 and decided to a diary on some of these packets using some basic analysis with Wireshark.
0 kommentar(er)
