Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 443 (tcp/udp) Attack Activity - SANS Internet Storm Center Port 443 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
[get complete service list]
Top of page
Port Information
Protocol Service Name
tcp https HTTP protocol over TLS SSL
udp https HTTP protocol over TLS/SSL
TCP [ICS] OPC UA XML [ICS] OPC UA XML
Top IPs Scanning
TodayYesterday
5.9.28.205 (6759)5.9.28.205 (44552)
193.106.191.48 (680)96.44.142.254 (2334)
96.44.142.254 (390)193.106.191.48 (1900)
138.99.216.228 (332)138.99.216.228 (1655)
138.99.216.137 (309)193.46.255.95 (1644)
192.241.222.123 (266)44.202.105.3 (591)
45.79.155.18 (265)154.89.5.91 (471)
192.166.115.11 (255)212.47.229.134 (467)
135.148.54.27 (233)179.60.149.12 (464)
15.235.39.153 (225)169.228.66.212 (459)
Port diary mentions
URL
LSASS exploit, SSL PCT exploits, port 559 (tcp) proxy hunter, Bagle.Z
Increased SSL Activity; Exploits for MS04-022; Mailbag
Quiet Day;TCP443; Firefox GIF image handling heap overflow exploit; MS javaprxy.dll update
port 443 https increase
Top of page
User Comments
Submitted By Date
Comment
Sunny Dhbahai 2013-03-05 13:43:50
Redis Server Port which client can run queries. Default Port Exposed to Internet Could Face Brute Force Attacks. Nmap Brute Force Script For Radis: http://nmap.org/nsedoc/scripts/redis-brute.html
Alexander Dupuy 2010-11-23 14:17:15
UDP/443 is typically Skype traffic. From http://download.skype.com/share/business/guides/skype-it-administrators-guide.pdf (p.10 section 2.1.2 Operations): "It also uses UDP 443 to test network connectivity." These network probes typically have 18 byte payloads from the client (dst port UDP/443) and 26 byte payloads from the server (src port UDP/443)
Add a comment
Top of page
CVE Links
CVE # Description
CVE-2014-0160
CVE-2014-0224
CVE-2014-6321
CVE-2016-8610
Top of page