Threat Level: green Handler on Duty: Richard Porter

SANS ISC: Port 5555 (tcp/udp) Attack Activity - SANS Internet Storm Center


Port Information
| Protocol | Service | Name |
|---|---|---|
| tcp | TR069 | Router Remote Admin |
| tcp | ADB | Android Debug Bridge |
| tcp | personal-agent | Personal Agent |
| tcp | ServeMe | [trojan] ServeMe |
| udp | personal-agent | Personal Agent |
| udp | rplay | rplay |
Port diary mentions
URL
Worm (Mirai?) Exploiting Android Debug Bridge (Port 5555tcp)
User Comments
Submitted By Date
Comment
Johannes 2018-07-15 11:17:50
Port 5555 is used by the Android Debug Bridge, a feature that is usually turned off. But it has been discovered that some (in particular Chinese) Android phones ship with it turned on. Also, during jailbreak, the ADB feature is sometimes turned on.
George 2013-09-11 12:14:55
Legitimate use of this port: Sun xFire servers (x4100, 4140, 4500, 4540) may use this port for out-of-band / ILOM remote control of the server with latest revisions of the ILOM firmware. However, this traffic would be sporadic and on an as-needed basis (hopefully people aren't using ILOM to log into servers for day-to-day work). One would also see HTTPS (443) traffic from the same IPs, to load the ILOM services pages and invoke the remote control functions.
2011-08-10 01:36:26
MS Dynamics CRM uses this port by default
Don Levinson 2004-09-08 06:30:35
We are seeing heavy target traffic on this port. Many of our machines are infected with bling.exe which is listed as non-malicious spyware, but it is acting like backdoor software from what I can see. Infection is seen with the files bling.exe and o. in the system32 directory on Windows. Activity is TCP from an incrementing port on the infected PC to a fixed port of 5555 on the network target/master.
2003-08-21 19:33:01
Other programs that use port 5555: freeciv, HP Omniback
CVE Links
CVE # Description
CVE-2013-6194 Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
CVE-2014-2623 Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2016-2005 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.