Trends of Ports

The "Trend" is an attempt to put a number to the increase in activity for a given port.
Right now, I am comparing the last 24 hours to the last 30 days.
So if we see a rise in activity compared to the last 30 days, the trend is high.

The following formula is used to calculate the trend:

sqrt( (S-s)^2/s + (T-t)^2/t ) )
S: number of source IPs hitting this port last 24 hrs.
s: average number of source IPs hitting this port each day (last 30 days).
T/t: same for target IPs detecting scans on this port.
PortTrendService
92001wap-wsp
41601jini-discovery
66711DeepThroat
2937compressnet, Death
23238653d-nfsd
6670862BackWebServer, DeepThroat, Foreplay, vocaltec-gold, WinNukeeXtreame
8009818netware-rmgr
2222793AMD, rockwell-csp2
6668755irc, ircu
8082752blackice
808728WinHole
2301718compaqdiag, cpq-wbem
7777715cbt, FWTK-authsvr, GodMessage, oracle-portal, TheThing(modified), Tini
179702bgp
7699echo
995683pop3s
82680xfer
8443604pcsync-ssl
993596imaps
8081589blackice
1900564ssdp
3072557csd-monitor
88510BackDoor-AXC, kerberos
5060505sip
27015436halflife
9090420websm, zeus-admin
1234416hotline, search-agent, SubSevenJavaclient, UltorsTrojan
8888389ddi-tcp-1, ddi-udp-1, sun-answerbook
12345380Adoresshd, Ashley, cron/crontab, FatBitchtrojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus, NetBusToy, NetBusworm, PieBillGates, TMListen, ValvNet, WhackJob, X-bill
5901375vnc-1
500374isakmp
123373NetController, ntp
143371imap
1351SocketsdesTroie, tcpmux
110337pop-3, ProMailtrojan
6666267DarkConnection, DarkConnectionInside, irc-serv, ircu, NetBusworm, TCPShell.c
161257snmp
3306245mysql
21202AudioGalaxy, BackConstruction, BladeRunner, CattivikFTPServer, CCInvader, DarkFTP, DolyTrojan, Fore, FreddyK, ftp, InvisibleFTP, Juggernaut42, Larva, MotIvFTP, NetAdministrator, Ramen, RTB666, SennaSpyFTPserver, Traitor21, WebEx, WinCrash, [trojan]TheFlu
1080183socks, SubSeven2.2, WinHole
8000176irdmi
3128173ReverseWWWTunnel, RingZero, squid-http
1023164gs400-nas
22161Adoresshd, pcanywhere, Shaft, ssh
8080159BrownOrifice, Genericbackdoor, http-alt, RemoConChubo, ReverseWWWTunnel, RingZero
4899136radmin
5900135vnc
81134docs-to-go, hosts2-ns, RemoConChubo
1024130Jade, kdm, Latinus, NetSpy, RAT
443123https
5000100BackDoorSetup, BioNetLite, Blazer5, Bubbel, commplex-main, fics, ICKiller, pitou, Ra1d, SocketsdesTroie, upnp
143361ms-sql-s
2358ADMworm, FireHacKer, MyVeryOwntrojan, RTB666, telnet, TelnetPro, TinyTelnetServer, TruvaAtl
2548Ajan, Antigen, Barok, BSE, EmailPasswordSender, EPSII, Gip, Gris, Happy99, Hpteammail, Hybris, Iloveyou, Kuang2, MagicHorse, MBT, MBTMailBombingTrojan, MoscowEmailtrojan, Naebi, NewAptworm, ProMailtrojan, Shtirlitz, smtp, Stealth, Stukach, Tapiras, Terminator, WinPC, WinSpy
143443ms-sql-m
13938Chode, GodMessageworm, Msinit, netbios-ssn, Netlog, Network, Qaz, Sadmind, SMBRelay
5336ADMworm, domain, Lion
13733Chode, Msinit, netbios-ns, Qaz
8024711trojan, 8085, AckCmd, BackEnd, BO2000Plug-Ins, Cafeini, CGIBackdoor, Executor, GodMessage, GodMessage4Creator, Hooker, http, IISworm, MTX, NCX, Noob, Ramen, ReverseWWWTunnel, RingZero, RTB666, Seeker, WANRemote, WebDownloader, WebServerCT, www
13522epmap, loc-srv
44516microsoft-ds
33892.13ms-term-services
262620.83k3software-svr