Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Port 20000 (tcp/udp) Attack Activity - SANS Internet Storm Center


Port Information
Protocol | Service | Name
tcp | Millenium | [trojan] Millenium
udp | dnp | DNP
UDP | [ICS] DNP3 | [ICS] DNP3
TCP | [ICS] DNP3 | [ICS] DNP3
Top IPs Scanning
Port diary mentions
URL
Port 20000TCP Activity
User Comments
Submitted By Date
Comment
2012-09-12 13:17:33
This port is also used for communications in SCADA systems
Steve 2010-01-05 14:45:06
I have large amounts of UDP traffic on port 20000 that is being identified as Mariposa C&C traffic
Randy 2008-12-11 01:21:34
Port 20000 and 20001 are used as standard ports by Autonomy (http://www.autonomy.com/) for its DiSH service.
Mark Fabro 2008-12-11 01:18:50
Has anyone REALLY spent time recently doing analysis on the traffic? Abilene still has this tracking as in the top 10.
2007-12-07 16:02:31
This is the default port used by Usermin. Older versions are vulnerable to the same arbitrary file disclosure bug as Webmin; consult BID 18744 (CVE-2006-3392).
2007-02-12 12:19:37
I use this port for BitTorrent, so packet analysis is needed.
Sean McBride and Ray Fink 2007-01-10 20:02:26
Port 20000 is also the default port for Usermin servers