Threat Level: green Handler on Duty: Richard Porter

SANS ISC TCP/UDP Port Activity

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
[show ascii data]


Port Information
Protocol Service Name
tcp hosts2-ns HOSTS2 Name Server
tcp RemoConChubo [trojan] RemoConChubo
udp hosts2-ns HOSTS2 Name Server
tcp docs-to-go Palm Documents to Go
[get complete service list]
User Comments
Submitted By Date
Steve Arnold 2009-10-04 18:45:22
Reported today by Sophos as the port used by the e-mailed "carrier" (VBS script) of W32/Bagle-Q to download the virus.
TomazF 2009-10-04 18:45:22
new version (18.03.2004) of worm Beagle is working on port 81, opens PHP with ActiveX script ans install sm.exe -> \winnt\system32\directs.exe and infects then plenty of EXEs see virus email body: <html><body> <font face="System"> <OBJECT STYLE="display:none" DATA=""> </OBJECT></body></html> Rgrds, Tomaz
Diesel 2008-05-15 14:28:49
this port is used between http proxies
Just found 2008-04-29 18:22:33
igo-incognito user-authentication-for-watchguard-products IGo Incognito Data Port | | IGo Incognito Data Port
Joshua 2004-03-19 04:46:52
Secondary HTTP servers are often found on ports 81 through 83.
Tinga 2004-02-10 19:49:57
Port is also used for McAfee ePO console to server communications
Add a comment
CVE Links
CVE # Description
CVE-2004-38 "McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81."