Loading...
[get complete service list]
Port Information
Protocol Service Name
tcp tributary Tributary
udp tributary Tributary
Top IPs Scanning
Today Yesterday
User Comments
Submitted By Date
Comment
Leonid Rosenboim 2009-10-04 18:45:22
"Tributary" is a software development tool by bristol.com, this port is officially assigned to the tool. http://www.bristol.com/tributary/whitepaper.htm Increasing port scan activity on this port either means someone has found an exploit in "Trubutary" tool and looking for unfiltered hosts with this tool to own, or this could be some new worm strain that happened by chanse to use this port number, and has no connection to Bristol's tools.
Leonid Rosenboim 2009-10-04 18:45:22
Very likely these events where caused by the use of KaZaa P2P file sharing application, which would elect different non-standard local ports, if its primary port 1214 is blocked or "rate limitter" by the ISP. One ISP who is known to crack down on KaZaa is RoadRunner. Port 2580 is one of a list of many "alternate" ports that KaZaa will attempt to use when port 1214 is not functioning, will advertise these ports (with the IP address) to many othe rpeers, who will keep this information in their caches for many days (or weeks), and will continue to probe the previously advertised IP+port combination for some time thereafter. Other port incidents may be related to KaZaa too, when most of the conditions below are met: 1. The logged attempts are UDP (KaZaa initially probes a peer with UDP) 2. If the nuimber of Target IPs is small rel Source IPs 3. If the owner of Target IP (or any of the machines behind that FW) has attempted to run a P2P file sharing utility in the recent past. (If known) 4. If a significant portion of the Source Port is 1214. May be also applicable to other P2P applications, e.g. Morpheus, FasTrack, tbd.
Rodney Wise 2002-10-16 21:49:07
There is an on-going discussion about the increase of the port 2580 intrusion attempts at: http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&selm=d8e29bba.0210131106.3471cf3d%40posting.google.com
CVE Links
CVE # Description