SANS ISC: TCP/UDP Port Activity - SANS Internet Storm Center


Port Information

Protocol  Service Name
tcp       telnet
udp       telnet
tcp       ADMworm            [trojan] ADM worm
tcp       FireHacKer         [trojan] Fire HacKer
tcp       MyVeryOwntrojan    [trojan] My Very Own trojan
tcp       RTB666             [trojan] RTB 666
tcp       TelnetPro          [trojan] Telnet Pro
tcp       TinyTelnetServer   [trojan] Tiny Telnet Server - TTS
tcp       TruvaAtl           [trojan] Truva Atl
User Comments
Date / Comment

2015-12-27 03:19:02
Say, another thought: there's a "Snort" rule that appears to alert if a Juniper Network backdoor password attempt was made (https://gist.github.com/fox-srt/ca94b350f2a91bd8ed3f). Does that mean that, with all these port 23 hits happening, the Juniper backdoor could have been found years ago by pretty much anyone on the Internet who just monitored the actual packets they were being probed with, if any of them were actually such attempts? Maybe they'd have to use it to do some scanning themselves to find what it was for, though. Does anyone do that?
2015-12-27 03:18:55
Gee, activity on this SSL port became really strong around the middle of 2012, and the Juniper Networks SSL backdoor showed up around the middle of 2012. Only nobody knew it then. How did that happen?
CVE Links
CVE #          Description

CVE-2015-0014  Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."

CVE-2015-7755  Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session.