SANS ISC: TCP/UDP Port 5555 Activity - SANS Internet Storm Center


Port Information
| Protocol | Service | Name |
|---|---|---|
| tcp | personal-agent | Personal Agent |
| tcp | ServeMe | [trojan] ServeMe |
| udp | personal-agent | Personal Agent |
| udp | rplay | rplay |
| tcp | TR069 | Router Remote Admin |
User Comments
Submitted By Date
Comment
George 2013-09-11 12:14:55
Legitimate use of this port: Sun xFire servers (x4100, 4140, 4500, 4540) may use this port for out-of-band / ILOM remote control of the server with latest revisions of the ILOM firmware. However, this traffic would be sporadic and on an as-needed basis (hopefully people aren't using ILOM to log into servers for day-to-day work). One would also see HTTPS (443) traffic from the same IP's, to load the ILOM services pages and invoke the remote control functions.
2011-08-10 01:36:26
MS Dynamics CRM uses this port by default
Don Levinson 2004-09-08 06:30:35
We are seeing heavy target traffic on this port. Many of our machines are infected with bling.exe which is listed as non-malicious spyware, but it is acting like backdoor software from what I can see. Infection is seen with the files bling.exe and o. in the system32 directory on Windows. Activity is TCP from an incrementing port on the infected PC to a fixed port of 5555 on the network target/master.
2003-08-21 19:33:01
Other programs that use port 5555: freeciv, HP Omniback
CVE Links
| CVE # | Description |
|---|---|
| CVE-2013-6194 | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. |
| CVE-2014-2623 | Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2016-2005 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352. |