Internet Storm Center
Training
Certification
Cyber Security Graduate School
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software Security
The "Trend" is an attempt to put a number to the increase in activity for a given port.
Right now, I am comparing the last 24 hours to the last 30 days.
So if we see a rise in activity compared to the last 30 days, the trend is high.
The following formula is used to calculate the trend:
sqrt( (S-s)^2/s + (T-t)^2/t ) )
S: number of source IPs hitting this port last 24 hrs.
s: average number of source IPs hitting this port each day (last 30 days).
T/t: same for target IPs detecting scans on this port.
| Port | Trend | Service |
|---|---|---|
| 681 | 2 | entrust-aams |
| 495 | 1 | intecourier |
| 627 | 1 | passgo-tivoli |
| 505 | 1 | mailbox-lm |
| 426 | 1 | smartsdp |
| 754 | 1 | krb_prop, tell |
| 547 | 1 | dhcpv6-server |
| 467 | 1 | mylex-mapd |
| 781 | 1 | hp-collector |
| 439 | 1 | dasp |
| 581 | 1 | bdp |
| 386 | 1 | asa |
| 435 | 1 | mobilip-mn |
| 245 | 1 | link |
| 584 | 1 | keyserver |
| 749 | 1 | kerberos-adm |
| 992 | 1 | telnets |
| 594 | 1 | tpip |
| 503 | 1 | intrinsa |
| 350 | 1 | matip-type-a |
| 691 | 1 | msexch-routing |
| 205 | 1 | at-5 |
| 420 | 1 | Breach, Incognito, smpte |
| 356 | 1 | cloanto-net-1 |
| 176 | 1 | genrad-mux |
| 585 | 1 | imap4-ssl |
| 595 | 1 | cab-protocol |
| 379 | 1 | is99c |
| 565 | 1 | whoami |
| 221 | 1 | fln-spx |
| 469 | 1 | rcp |
| 366 | 1 | odmr |
| 149 | 1 | aed-512 |
| 396 | 1 | netware-ip |
| 148 | 1 | cronus, jargon |
| 782 | 1 | hp-managed-node |
| 287 | 1 | k-block |
| 349 | 1 | mftp |
| 201 | 1 | at-rtmp |
| 541 | 1 | uucp-rlogin |
| 321 | 1 | pip |
| 538 | 1 | gdomap |
| 365 | 1 | dtk |
| 801 | 1 | device |
| 154 | 1 | netsc-prod |
| 769 | 1 | vid |
| 527 | 1 | stx |
| 457 | 1 | scohelp |
| 432 | 1 | iasd |
| 572 | 1 | sonar |
| 197 | 1 | dls |
| 489 | 1 | nest-protocol |
| 579 | 1 | decbsrv |
| 799 | 1 | controlit |
| 263 | 1 | hdap |
| 103 | 1 | gppitnp |
| 357 | 1 | bhevent |
| 525 | 1 | timed |
| 132 | 1 | cisco-sys |
| 116 | 1 | ansanotify |
| 551 | 1 | cybercash |
| 19191 | 1 | opsec-uaa |
| 371 | 1 | clearcase |
| 177 | 1 | xdmcp |
| 204 | 1 | at-echo |
| 260 | 1 | openport |
| 129 | 1 | pwdgen |
| 377 | 1 | tnETOS |
| 556 | 1 | remotefs |
| 104 | 1 | acr-nema |
| 776 | 1 | wpages |
| 208 | 1 | at-8 |
| 127 | 1 | locus-con |
| 121 | 1 | AttackBot, erpc, GodMessage, JammerKillah |
| 532 | 1 | ibm-db2, netnews |
| 29 | 1 | altavista-fw97, msg-icp |
| 12753 | 1 | tsaf |
| 374 | 1 | legent-2 |
| 517 | 1 | talk |
| 466 | 1 | digital-vrc |
| 108 | 1 | snagas |
| 786 | 1 | concert |
| 55 | 1 | isi-gl |
| 400 | 1 | work-sol |
| 46 | 1 | mpm-snd |
| 117 | 1 | uucp-path |
| 12002 | 1 | entexthigh |
| 54 | 1 | xns-ch |
| 737 | 1 | sometimes-rpc2 |
| 447 | 1 | ddm-dfm |
| 72 | 1 | netrjs-2 |
| 1015 | 1 | DolyTrojan |
| 688 | 1 | realm-rusd |
| 98 | 1 | linuxconf, tacnews |
| 12701 | 1 | Eclipse2000 |
| 953 | 1 | rndc |
| 257 | 1 | fw1, set |
| 758 | 1 | nlogin |
| 999 | 1 | applix, Chatpower, DeepThroat, Foreplay, garcon, puprouter, WinSatan |
| 63 | 1 | via-ftp, whois++ |
