Internet Storm Center
Training
Certification
Cyber Security Graduate School
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software Security
The "Trend" is an attempt to put a number to the increase in activity for a given port.
Right now, I am comparing the last 24 hours to the last 30 days.
So if we see a rise in activity compared to the last 30 days, the trend is high.
The following formula is used to calculate the trend:
sqrt( (S-s)^2/s + (T-t)^2/t ) )
S: number of source IPs hitting this port last 24 hrs.
s: average number of source IPs hitting this port each day (last 30 days).
T/t: same for target IPs detecting scans on this port.
| Port | Trend | Service |
|---|---|---|
| 776 | 1 | wpages |
| 108 | 1 | snagas |
| 96 | 1 | dixie |
| 873 | 1 | rsync |
| 280 | 1 | http-mgmt |
| 87 | 1 | priv-term-l |
| 256 | 1 | fw1-sync, rap |
| 75 | 1 | priv-dial |
| 18888 | 1 | apc-necmp |
| 23432 | 1 | Asylum |
| 5432 | 1 | postgres |
| 427 | 1 | svrloc |
| 218 | 1 | mpp |
| 60 | 1 | Unassigned |
| 29005 | 1 | starsiege |
| 33 | 1 | dsp |
| 11 | 1 | systat |
| 9200 | 1 | wap-wsp |
| 692 | 1 | GayOL, hyperwave-isp |
| 520 | 1 | efs, route |
| 828 | 1 | itm-mcell-s |
| 5631 | 1 | pcanywheredata |
| 101 | 1 | hostname |
| 629 | 1 | 3com-amp3 |
| 652 | 1 | hello-port |
| 975 | 1 | securenet |
| 182 | 1 | audit |
| 660 | 1 | mac-srvr-admin |
| 186 | 1 | kis |
| 645 | 1 | pssc |
| 630 | 1 | rda |
| 751 | 1 | kerberos_master, pump |
| 58 | 1 | DMSetup, xns-mail |
| 586 | 1 | password-chg |
| 650 | 1 | bwnfs, obex |
| 747 | 1 | fujitsu-dev |
| 730 | 1 | netviewdm2 |
| 680 | 1 | entrust-aaas |
| 84 | 1 | ctf |
| 764 | 1 | omserv |
| 996 | 1 | vsinet, xtreelic |
| 772 | 1 | cycleserv2 |
| 598 | 1 | sco-websrvrmg3 |
| 27005 | 1 | flex-lm |
| 634 | 1 | ginad |
| 681 | 1 | entrust-aams |
| 467 | 1 | mylex-mapd |
| 535 | 1 | iiop |
| 564 | 1 | 9pfs |
| 493 | 1 | ticf-2 |
| 268 | 1 | td-replica |
| 760 | 1 | krbupdate, ns |
| 994 | 1 | ircs |
| 459 | 1 | ampr-rcmd |
| 773 | 1 | notify, submit |
| 565 | 1 | whoami |
| 475 | 1 | tcpnethaspsrv |
| 526 | 1 | tempo |
| 519 | 1 | utime |
| 486 | 1 | avian, sstats |
| 537 | 1 | nmsp |
| 449 | 1 | as-servermap |
| 266 | 1 | sst |
| 43 | 1 | whois |
| 998 | 1 | busboy, puparp |
| 771 | 1 | rtip |
| 358 | 1 | shrinkwrap |
| 397 | 1 | mptn |
| 8009 | 1 | netware-rmgr |
| 555 | 1 | 711trojan, dsf, Ini-Killer, IniKiller, NetAdministrator, Phase-0, PhaseZero, StealthSpy |
| 428 | 1 | ocs_cmu |
| 366 | 1 | odmr |
| 399 | 1 | iso-tsap-c2 |
| 566 | 1 | streettalk |
| 491 | 1 | go-login |
| 536 | 1 | opalis-rdv |
| 440 | 1 | sgcp |
| 505 | 1 | mailbox-lm |
| 426 | 1 | smartsdp |
| 393 | 1 | dis, meta5 |
| 394 | 1 | embl-ndt |
| 364 | 1 | aurora-cmgr |
| 423 | 1 | opc-job-start |
| 384 | 1 | arns |
| 314 | 1 | opalis-robot |
| 348 | 1 | csi-sgwp |
| 248 | 1 | bhfhs |
| 351 | 1 | bhoetty, matip-type-b |
| 246 | 1 | dsp3270 |
| 69 | 1 | BackGate, tftp |
| 420 | 1 | Breach, Incognito, smpte |
| 569 | 1 | ms-rome |
| 769 | 1 | vid |
| 413 | 1 | smsp |
| 242 | 1 | direct |
| 523 | 1 | ibm-db2 |
| 370 | 1 | codaauth2 |
| 214 | 1 | vmpwscs |
| 404 | 1 | nced |
| 911 | 1 | DarkShadow, xact-backup |
