Trends of Ports

The "Trend" is an attempt to put a number to the increase in activity for a given port.
Right now, I am comparing the last 24 hours to the last 30 days.
So if we see a rise in activity compared to the last 30 days, the trend is high.

The following formula is used to calculate the trend:

sqrt( (S-s)^2/s + (T-t)^2/t ) )
S: number of source IPs hitting this port last 24 hrs.
s: average number of source IPs hitting this port each day (last 30 days).
T/t: same for target IPs detecting scans on this port.
PortTrendService
220011optocontrol
92001wap-wsp
66731vision_elmd
23681opentable
41601jini-discovery
313391NetSpy(DK), NetSpyDK
270011flex-lm
66711DeepThroat
59021vnc-2
202221ipulse-ics
181841opsec-lea
290051starsiege
56321pcanywherestat
5631962pcanywheredata
27004939flex-lm
2937compressnet, Death
6665932ircu
2479929ssm-els
5432911postgres
6672888vision_server
54321875BackOrifice2000, SchoolBus
23238653d-nfsd
6670862BackWebServer, DeepThroat, Foreplay, vocaltec-gold, WinNukeeXtreame
39213852Sygate
3390834dsc
8009818netware-rmgr
2222793AMD, rockwell-csp2
1084788ansoft-lm-2
1083778ansoft-lm-1, WinHole
2001777dc, DerSpherDerSpaeher, DerSpäher, TrojanCow, wizard
1082759amt-esd-prot, WinHole
6668755irc, ircu
8082752blackice
587731submission
808728WinHole
2301718compaqdiag, cpq-wbem
1081713pvuniwien, WinHole
5800710vnc
5555710personal-agent, rplay, ServeMe
7699echo
995683pop3s
82680xfer
6669648HostControl, ircu, Vampire
7777642cbt, FWTK-authsvr, GodMessage, oracle-portal, TheThing(modified), Tini
6667612DarkFTP, EGO, irc, ircu, kaitex, Maniacrootkit, Moses, ScheduleAgent, SubSeven, Subseven2.1.4DefCon8, TheThing, Trinity, WinSatan
6060599x11
8443592pcsync-ssl
7778591interwise, UnReal_UT
8081589blackice
65535577Adoreworm, RC1trojan, Sins
1900564ssdp
993560imaps
3072557csd-monitor
4001543newoak
9000535cslistener, Netministrator
88510BackDoor-AXC, kerberos
8008484http-alt, novell-http
27015436halflife
30017425teleop
9090420websm, zeus-admin
8888389ddi-tcp-1, ddi-udp-1, sun-answerbook
12345380Adoresshd, Ashley, cron/crontab, FatBitchtrojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus, NetBusToy, NetBusworm, PieBillGates, TMListen, ValvNet, WhackJob, X-bill
5901375vnc-1
500374isakmp
123373NetController, ntp
143371imap
1234359hotline, search-agent, SubSevenJavaclient, UltorsTrojan
1351SocketsdesTroie, tcpmux
110326pop-3, ProMailtrojan
6588296AnalogX
6666267DarkConnection, DarkConnectionInside, irc-serv, ircu, NetBusworm, TCPShell.c
3262compressnet
161257snmp
3306245mysql
21202AudioGalaxy, BackConstruction, BladeRunner, CattivikFTPServer, CCInvader, DarkFTP, DolyTrojan, Fore, FreddyK, ftp, InvisibleFTP, Juggernaut42, Larva, MotIvFTP, NetAdministrator, Ramen, RTB666, SennaSpyFTPserver, Traitor21, WebEx, WinCrash, [trojan]TheFlu
1080183socks, SubSeven2.2, WinHole
8000176irdmi
3128173ReverseWWWTunnel, RingZero, squid-http
1023164gs400-nas
22161Adoresshd, pcanywhere, Shaft, ssh
8080159BrownOrifice, Genericbackdoor, http-alt, RemoConChubo, ReverseWWWTunnel, RingZero
4899136radmin
5900135vnc
81134docs-to-go, hosts2-ns, RemoConChubo
1024130Jade, kdm, Latinus, NetSpy, RAT
443123https
5000100BackDoorSetup, BioNetLite, Blazer5, Bubbel, commplex-main, fics, ICKiller, pitou, Ra1d, SocketsdesTroie, upnp
312764ctx-bridge, mydoom
143361ms-sql-s
2358ADMworm, FireHacKer, MyVeryOwntrojan, RTB666, telnet, TelnetPro, TinyTelnetServer, TruvaAtl
2548Ajan, Antigen, Barok, BSE, EmailPasswordSender, EPSII, Gip, Gris, Happy99, Hpteammail, Hybris, Iloveyou, Kuang2, MagicHorse, MBT, MBTMailBombingTrojan, MoscowEmailtrojan, Naebi, NewAptworm, ProMailtrojan, Shtirlitz, smtp, Stealth, Stukach, Tapiras, Terminator, WinPC, WinSpy
506047sip
143443ms-sql-m
13938Chode, GodMessageworm, Msinit, netbios-ssn, Netlog, Network, Qaz, Sadmind, SMBRelay
5336ADMworm, domain, Lion
13733Chode, Msinit, netbios-ns, Qaz
8024711trojan, 8085, AckCmd, BackEnd, BO2000Plug-Ins, Cafeini, CGIBackdoor, Executor, GodMessage, GodMessage4Creator, Hooker, http, IISworm, MTX, NCX, Noob, Ramen, ReverseWWWTunnel, RingZero, RTB666, Seeker, WANRemote, WebDownloader, WebServerCT, www
13522epmap, loc-srv
44516microsoft-ds
1792.7bgp