Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC Port Trends



The "Trend" is an attempt to put a number to the increase in activity for a given port.
Right now, I am comparing the last 24 hours to the last 30 days.
So if we see a rise in activity compared to the last 30 days, the trend is high.

The following formula is used to calculate the trend:

sqrt( (S-s)^2/s + (T-t)^2/t )
S: number of source IPs hitting this port last 24 hrs.
s: average number of source IPs hitting this port each day (last 30 days).
T/t: same for target IPs detecting scans on this port.
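
The formula above applied to per-port daily counts, as an added example that is not ISC's own code. The sample counts are constructed, and two choices are assumptions: the 30-day average excludes the last 24 hours, and a zero baseline is floored at 1 so a port with no history does not divide by zero.

```python
import math
from collections import defaultdict

def build_sample():
    """Constructed rows: (port, day, distinct source IPs, distinct target IPs).
    Day 0 is the last 24 hours; days 1..30 are the baseline."""
    rows = []
    for day in range(1, 31):
        rows.append((5902, day, 100, 400))  # steady background scanning
        rows.append((4840, day, 4, 9))      # normally quiet port
    # Last 24 hours: 5902 barely moves, 4840 jumps, 50003 has no history at all.
    rows += [(5902, 0, 110, 420), (4840, 0, 40, 90), (50003, 0, 12, 30)]
    return rows

def trend(S, s, T, t):
    """sqrt((S-s)^2/s + (T-t)^2/t), the formula given on the page.
    Assumption: baselines below 1 are floored at 1 to avoid dividing by zero."""
    s, t = max(s, 1.0), max(t, 1.0)
    return math.sqrt((S - s) ** 2 / s + (T - t) ** 2 / t)

def port_trends(rows, baseline_days=30):
    """Return [(port, trend)] sorted from highest to lowest trend."""
    today = {}
    hist = defaultdict(lambda: [0, 0])  # port -> [sum of sources, sum of targets]
    for port, day, src, tgt in rows:
        if day == 0:
            today[port] = (src, tgt)
        elif 1 <= day <= baseline_days:
            hist[port][0] += src
            hist[port][1] += tgt
    scores = {}
    for port in set(today) | set(hist):
        S, T = today.get(port, (0, 0))  # silent today counts as zero
        s = hist[port][0] / baseline_days
        t = hist[port][1] / baseline_days
        scores[port] = trend(S, s, T, t)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for port, score in port_trends(build_sample()):
        print(f"{port:<6} {score:8.2f}")
```

Because both differences are squared, a sharp drop in activity scores as high as a rise of the same size, and dividing by the baseline means a small absolute change on a quiet port outranks a larger one on a busy port.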

Port   Trend  Service
416    1      silverplatter
20222  1      ipulse-ics
259    1      cp-config, esro-gen
6025   1      x11
14238  1      palm-hotsync, palm-hotsync-manage
9874   1      PortalofDoom
912    1      apex-mesh
46     1      mpm-snd
50003  1      [ICS] Siemens Spectrum Power TG
49     1      tacacs
8200   1      trivnet1
5071   1      powerschool
27999  1      tw-auth-key
5988   1      wbem-http
545    1      appleqtcsrvr, ekshell
5002   1      cd00r, LinuxRootkitIV(4), rfe, Shaft
45     1      mpm
17185  1      soundsvirtual
50006  1      [ICS] Siemens Spectrum Power TG
5989   1      wbem-https
211    1      914c
4840   1      [ICS] OPC UA Discovery Server
5802   1      Y3KRAT
18000  1      biimenu, [ICS] Iconic Genesis32 GenBroker (TCP)
9991   1      realsecure
9888   1      cyborg-systems
5679   1      dccm
29     1      altavista-fw97, msg-icp
31     1      Agent31, HackersParadise, MastersParadise, msg-auth
5678   1      rrac
2703   1      sms-chat
10082  1      amandaidx
3987   1      centerline
2811   1      gsiftp
2557   1      nicetec-mgmt
2454   1      indx-dds
44     1      Arctic, mpm-flags
2382   1      ms-olap3
5269   1      jabber-s2s
2370   1      compaq-econnect, l3-hbmon
28     1      altavista-fw97
9994   1      palace-3
2220   1      netiq
3464   1      edm-mgr-sync
9995   1      palace-4
38     1      rap
406    1      imsp
2410   1      vrts-registry
2135   1      gris
2052   1      clearvisn
18     1      msp
2604   1      nsc-ccs, ospfd
9992   1      palace-1, realsecure
39     1      rlp, SubSARI
2124   1      elatelink
555    1      711trojan, dsf, Ini-Killer, IniKiller, NetAdministrator, Phase-0, PhaseZero, StealthSpy
9990   1      realsecure
32776  1      sometimes-rpc15, sometimes-rpc16
35     1      priv-print
30     1      Agent40421
6003   1      x11
9997   1      palace-6
2381   1      compaq-https
2998   1      realsecure
2223   1      rockwell-csp3
2504   1      wlbs
2910   1      tdaccess
6912   1      ShitHeep
2701   1      sms-rcinfo
2106   1      ekshell, mzap
5998   1      ncd-diag
2065   1      dlsrpn
800    1      mdbs_daemon
33     1      dsp
8787   1      BackOrifice2000, BO2K
2111   1      dsatp, kx
3324   1      active-net
5065   1      [ICS] Telvent OASyS DNA
9876   1      CyberAttacker, Rux, sd
3322   1      active-net
2200   1      ici
58     1      DMSetup, xns-mail
427    1      svrloc
24     1      BO2KControlPort, priv-mail
2087   1      eli
4002   1      pxc-spvr-ft
5003   1      fmpro-internal
3395   1      dyna-lm
5902   1      vnc-2
256    1      fw1-sync, rap
2160   1      apc-cms
27     1      altavista-fw97, nsw-fe
5500   1      fcp-addr-srvr1, hotline, securid
2717   1      pn-requester
9998   1      distinct32
6004   1      x11
3003   1      cgms
9099   1      jetdirect
2068   1      avauthsrvprtcl
3031   1      agentvu, Microspy