
SANS ISC: Port 4567 (tcp/udp) Attack Activity - SANS Internet Storm Center


Port Information
Protocol  Service   Name
tcp       FileNail  [trojan] File Nail
tcp       tram      TRAM
udp       tram      TRAM
Top IPs Scanning
User Comments
Submitted By Date
Comment
Roy 2015-07-18 10:58:35
From what I can see, port 4567 is only open if you have FIOS TV. Its obvious purpose is to administer their set top boxes and DVRs. I don't like that port being open any more than anyone else does but I'm not going to assume nefarious intentions by Verizon nor will I assume there's a huge vulnerability. If they have chosen a user name and password correctly for that port it will be extremely hard to crack the combination. If they change the user name and password periodically it's even a tougher thing to break in (long randomly chosen character strings for each is a very secure lock on port 4567). This gives an adequate explanation of what the basic use of port 4567 must be about. https://www.broadband-forum.org/technical/download/TR-069_Amendment-5.pdf
Daniël van Eeden 2013-03-28 11:09:33
Port 4567 is used by Galera replication for MySQL
2010-01-05 14:45:32
Port 4567 is an (apparently TR-069 based) remote access port in Actiontec and Westell modems manufactured for Verizon FIOS, giving Verizon root access to all FIOS customer routers.
2009-01-02 03:10:04
Port 4567 is used by Actiontec to put a backdoor into their modems.