Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC Port Trends



The "Trend" is an attempt to put a number to the increase in activity for a given port.
Right now, I am comparing the last 24 hours to the last 30 days.
So if we see a rise in activity compared to the last 30 days, the trend is high.

The following formula is used to calculate the trend:

sqrt( (S-s)^2/s + (T-t)^2/t )

S: number of source IPs hitting this port last 24 hrs.
s: average number of source IPs hitting this port each day (last 30 days).
T/t: same for target IPs detecting scans on this port.
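
As an added example (not code from the ISC site), one way to compute this score from raw report rows and rank ports by it. The row layout, the function names, the use of the 30 days before today as the baseline, and scoring a port with no baseline as infinite are all assumptions.

```python
import math
from collections import defaultdict
from datetime import date, timedelta

def trend(S, s, T, t):
    """sqrt((S-s)^2/s + (T-t)^2/t). Unsigned: a drop scores like a rise."""
    total = 0.0
    for now, avg in ((S, s), (T, t)):
        if avg == 0:
            # Assumption: activity with no 30-day baseline counts as infinite.
            if now > 0:
                return math.inf
            continue
        total += (now - avg) ** 2 / avg
    return math.sqrt(total)

def port_trends(records, today, window=30):
    """records: iterable of (day, source_ip, target_ip, port) report rows."""
    src, dst = defaultdict(set), defaultdict(set)
    for day, source_ip, target_ip, port in records:
        src[(port, day)].add(source_ip)   # distinct sources per port per day
        dst[(port, day)].add(target_ip)   # distinct targets per port per day
    history = [today - timedelta(days=n) for n in range(1, window + 1)]
    scores = {}
    for port in {p for p, _ in src}:
        S, T = len(src[(port, today)]), len(dst[(port, today)])
        s = sum(len(src[(port, d)]) for d in history) / window
        t = sum(len(dst[(port, d)]) for d in history) / window
        scores[port] = trend(S, s, T, t)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def sample_day(day, port, n_src, n_dst):
    """Constructed rows with n_src distinct sources and n_dst distinct targets."""
    return [(day, f"198.51.100.{i % n_src}", f"192.0.2.{i % n_dst}", port)
            for i in range(max(n_src, n_dst))]

TODAY = date(2024, 1, 31)                    # constructed date
SAMPLE = []
for n in range(1, 31):                       # 30 days of constructed baseline
    d = TODAY - timedelta(days=n)
    SAMPLE += sample_day(d, 22, 10, 5) + sample_day(d, 5432, 9, 4)
SAMPLE += sample_day(TODAY, 22, 10, 5)       # steady port
SAMPLE += sample_day(TODAY, 5432, 18, 12)    # doubled sources, tripled targets
SAMPLE += sample_day(TODAY, 9999, 3, 3)      # port absent from the baseline

if __name__ == "__main__":
    for port, score in port_trends(SAMPLE, TODAY):
        print(port, score)
```

Because both terms are squared, a port whose activity falls by some amount gets the same score as one whose activity rises by that amount, so S and s still need to be compared to tell the two apart.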

Port   Trend  Service
994    1      ircs
27999  1      tw-auth-key
45054  1      invision-ag
6060   1      x11
6036   1      x11
5011   1      modified, OneoftheLastTrojans, telelpathattack
5071   1      powerschool
5888   1      Y3KRAT
87     1      priv-term-l
9200   1      wap-wsp
2220   1      netiq
6515   1      game-play, McAfee-http
7424   1      HostControl
6912   1      ShitHeep
3395   1      dyna-lm
18080  1      puremessage
15     1      B2, netstat
7004   1      afs3-kaserver
2200   1      ici
5      1      rje
5100   1      cobalt-raq
6144   1      statsci1-lm
990    1      ftps
61439  1      netprowler
6400   1      6400, info-aps, TheThing
43     1      whois
6001   1      x11
2014   1      raid-sf, troff
11     1      systat
3305   1      odette-ftp
873    971    rsync
5432   959    postgres
2      958    compressnet, Death
2880   931    synapse
2624   919    aria
8192   916    snapstream
2368   909    opentable
2323   904    3d-nfsd
5632   902    pcanywherestat
3391   901    savant
4096   901    bre
5001   898    BackDoorSetup, commplex-link, SocketsdesTroie
2304   896    attachmate-uts
4160   888    jini-discovery
30000  883    Infector
2112   881    idonix-metanet, kip
3328   876    egptlm
41524  876    ArcServe
3392   876    efi-lm
3390   875    dsc
5061   873    sip-tls
7001   864    afs3-callback, Freak2k, Freak88, NetSnooperGold
1920   857    can-ferret
1280   852    pictrography
2816   843    lbc-watchdog
1533   839    Backdoor.Miffice, sametime, virtual-places
1333   835    passwrd-policy
3130   825    icpv2, squid-ipc
1856   810    fiorano-msgsvc
2425   808    fjitsuappmgr
8009   805    netware-rmgr
1088   803    cplscrambler-al
22222  801    DonaldDick, Prosiak, Ruler, RUXTheTIc.K
8082   781    blackice
1911   780    mtp
1344   777    icap
1792   769    ibm-dt-2
79     766    BO2KDataPort, CDK, finger, Firehotcker
119    765    Happy99, nntp
6000   761    TheThing, x11
1600   749    DirectConnection, issd, Shivka-Burka, ShivkaBurka
808    748    WinHole
3129   740    MastersParadise
1081   735    pvuniwien, WinHole
17     735    qotd
3000   735    hbci, InetSpy, ppp, RemoteShut, remoteware-cl
2048   734    dls-monitor
1536   728    ampr-inter, W32bckdr
5555   728    personal-agent, rplay, ServeMe
7      711    echo
5800   696    vnc
1471   690    csdmbase
7777   677    cbt, FWTK-authsvr, GodMessage, oracle-portal, TheThing(modified), Tini
1521   675    ncube-lm, oracle, oracle-tns
1998   674    x25-svc-port
9091   665    xmltec-xmlmail
2001   659    dc, DerSpherDerSpaeher, DerSpäher, TrojanCow, wizard
1352   658    lotusnote
2002   648    globe, p2p, slapper, TransScout
5101   647    yahoo-peer
6667   629    DarkFTP, EGO, irc, ircu, kaitex, Maniacrootkit, Moses, ScheduleAgent, SubSeven, Subseven2.1.4DefCon8, TheThing, Trinity, WinSatan
1723   598    pptp
111    594    sunrpc
2560   590    labrat
8001   590    vcom-tunnel
3072   588    csd-monitor
9100   588    jetdirect
65535  587    Adoreworm, RC1trojan, Sins
8081   579    blackice
9999   555    distinct, ThePrayer