SANS ISC: Diaries by Keyword

Date | Author | Title

TCP PORT 81

2017-04-22 | Jim Clausing | WTF tcp port 81

TCP

2021-05-30 | Didier Stevens | Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-02-25 | Jim Clausing | So where did those Satori attacks come from?
2021-02-16 | Jim Clausing | More weirdness on TCP port 26
2020-11-24 | Johannes Ullrich | The special case of TCP RST
2020-07-01 | Jim Clausing | Setting up the Dshield honeypot and tcp-honeypot.py
2020-06-28 | Guy Bruneau | tcp-honeypot.py Logstash Parser & Dashboard Update
2020-05-01 | Jim Clausing | Attack traffic on TCP port 9673
2020-01-12 | Guy Bruneau | ELK Dashboard and Logstash parser for tcp-honeypot Logs
2019-12-02 | Jim Clausing | Next up, what's up with TCP port 26?
2019-10-03 | Jim Clausing | Buffer overflows found in libpcap and tcpdump
2019-06-18 | Johannes Ullrich | What You Need To Know About TCP "SACK Panic"
2019-02-18 | Didier Stevens | Know What You Are Logging
2018-08-15 | Xavier Mertens | Truncating Payloads and Anonymizing PCAP files
2018-01-18 | Xavier Mertens | Comment your Packet Captures!
2017-09-28 | Xavier Mertens | The easy way to analyze huge amounts of PCAP data
2017-04-22 | Jim Clausing | WTF tcp port 81
2017-02-02 | Rick Wanner | New tcpdump release -> 4.9.0 http://www.tcpdump.org/#latest-release
2017-01-31 | Johannes Ullrich | Multiple Vulnerabilities in tcpdump
2017-01-28 | Guy Bruneau | Request for Packets and Logs - TCP 5358
2016-11-05 | Xavier Mertens | Full Packet Capture for Dummies
2016-10-22 | Guy Bruneau | Request for Packets TCP 4786 - CVE-2016-6385
2015-05-10 | Didier Stevens | Wireshark TCP Flags: How To Install On Windows Video
2015-04-05 | Didier Stevens | Wireshark TCP Flags
2015-03-16 | Johannes Ullrich | Automatically Documenting Network Connections From New Devices Connected to Home Networks
2014-01-11 | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features
2013-11-27 | Rob VandenBrink | ATM Traffic + TCPDump + Video = Good or Evil?
2013-11-13 | Johannes Ullrich | Packet Challenge for the Hivemind: What's happening with this Ethernet header?
2013-10-25 | Rob VandenBrink | Kaspersky flags TCPIP.SYS as Malware
2013-10-01 | Johannes Ullrich | iOS 7 Adds Multipath TCP
2012-01-06 | Guy Bruneau | New Version of tcpflow Available in Beta
2011-10-23 | Guy Bruneau | tcpdump and IPv6
2011-08-08 | Rob VandenBrink | Ping is Bad (Sometimes)
2011-03-07 | Lorna Hutcheson | Call for Packets - Unassigned TCP Options
2011-01-25 | Johannes Ullrich | Packet Tricks with xxd
2010-08-01 | Manuel Humberto Santander Pelaez | Evation because IPS fails to validate TCP checksums?
2010-06-15 | Manuel Humberto Santander Pelaez | TCP evasions for IDS/IPS
2010-06-03 | Johannes Ullrich | Top 10 Things you may not know about tcpdump
2010-02-23 | Mark Hofman | What is your firewall telling you and what is TCP249?
2009-11-18 | Rob VandenBrink | Using a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
2009-06-28 | Guy Bruneau | IP Address Range Search with libpcap
2009-03-05 | Mark Hofman | What's up with port 445?
2008-10-01 | Rick Wanner | Handler Mailbag

PORT

2021-06-03 | Jim Clausing | Strange goings on with port 37
2021-02-25 | Jim Clausing | So where did those Satori attacks come from?
2021-02-16 | Jim Clausing | More weirdness on TCP port 26
2020-10-24 | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-02-05 | Brad Duncan | Fake browser update pages are "still a thing"
2019-11-19 | Johannes Ullrich | Cheap Chinese JAWS of DVR Exploitability on Port 60001
2019-08-01 | Johannes Ullrich | What is Listening On Port 9527/TCP?
2019-07-26 | Kevin Shortt | DVRIP Port 34567 - Uptick
2019-03-09 | Guy Bruneau | A Comparison Study of SSH Port Activity - TCP 22 & 2222
2018-12-16 | Guy Bruneau | Random Port Scan for Open RDP Backdoor
2018-01-09 | Jim Clausing | What is going on with port 3333?
2017-09-22 | Russell Eubanks | What is the State of Your Union?
2017-09-05 | Johannes Ullrich | The Mirai Botnet: A Look Back and Ahead At What's Next
2017-08-18 | Guy Bruneau | tshark 2.4 New Feature - Command Line Export Objects
2017-06-16 | Lorna Hutcheson | What is going on with Port 83?
2017-04-22 | Jim Clausing | WTF tcp port 81
2017-01-28 | Guy Bruneau | Request for Packets and Logs - TCP 5358
2017-01-10 | Johannes Ullrich | Port 37777 "MapTable" Requests
2016-05-26 | Xavier Mertens | Keeping an Eye on Tor Traffic
2016-04-25 | Guy Bruneau | Highlights from the 2016 HPE Annual Cyber Threat Report
2016-02-02 | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org .
2015-09-28 | Johannes Ullrich | "Transport of London" Malicious E-Mail
2015-06-27 | Guy Bruneau | Is Windows XP still around in your Network a year after Support Ended?
2015-04-08 | Tom Webb | Is it a breach or not?
2014-10-13 | Lorna Hutcheson | For or Against: Port Security for Network Access Control
2014-09-15 | Johannes Ullrich | Google DNS Server IP Address Spoofed for SNMP reflective Attacks
2014-07-05 | Guy Bruneau | Java Support ends for Windows XP
2014-06-11 | Daniel Wesemann | Help your pilot fly!
2014-05-23 | Richard Porter | Highlights from Cisco Live 2014 - The Internet of Everything
2014-03-26 | Johannes Ullrich | Let's Finally "Nail" This Port 5000 Traffic - Synology owners needed.
2014-03-13 | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder
2014-03-06 | Mark Baggett | Port 5000 traffic and snort signature
2014-01-22 | Chris Mohan | Learning from the breaches that happens to others
2014-01-11 | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features
2014-01-02 | Johannes Ullrich | Scans Increase for New Linksys Backdoor (32764/TCP)
2013-11-25 | Johannes Ullrich | More Bad Port 0 Traffic
2013-11-22 | Rick Wanner | Port 0 DDOS
2013-10-30 | Russ McRee | SIR v15: Five good reasons to leave Windows XP behind
2013-05-19 | Kevin Shortt | Port 51616 - Got Packets?
2013-03-03 | Richard Porter | Uptick in MSSQL Activity
2013-01-08 | Richard Porter | Yahoo Web Interface Report: Compose and Send
2012-12-06 | Daniel Wesemann | Fake tech support calls - revisited
2012-10-03 | Kevin Shortt | Fake Support Calls Reported
2012-01-27 | Mark Hofman | CISCO Ironport C & M Series telnet vulnerability
2012-01-13 | Guy Bruneau | Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-11-11 | Rick Wanner | APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-10-25 | Chris Mohan | Recurring reporting made easy?
2011-08-25 | Kevin Shortt | Increased Traffic on Port 3389
2011-06-29 | Johannes Ullrich | Random SSL Tips and Tricks
2011-06-21 | Chris Mohan | Australian government security audit report shows tough love to agencies
2011-05-23 | Mark Hofman | Microsoft Support Scam (again)
2011-04-20 | Daniel Wesemann | Data Breach Investigations Report published by Verizon
2011-01-25 | Chris Mohan | Reviewing our preconceptions
2011-01-24 | Rob VandenBrink | Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-15 | Jim Clausing | What's up with port 8881?
2011-01-08 | Guy Bruneau | PandaLabs 2010 Annual Report
2010-11-24 | Jim Clausing | Help with odd port scans
2010-08-16 | Raul Siles | The Seven Deadly Sins of Security Vulnerability Reporting
2010-07-29 | Rob VandenBrink | The 2010 Verizon Data Breach Report is Out
2010-07-06 | Rob VandenBrink | Bogus Support Organizations use Live Operators to Install Malware
2010-06-15 | Manuel Humberto Santander Pelaez | Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-04-20 | Raul Siles | Are You Ready for a Transportation Collapse...?
2010-03-01 | Mark Hofman | Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-03 | Rob VandenBrink | Support for Legacy Browsers
2010-01-09 | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2009-10-28 | Johannes Ullrich | Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25 | Lorna Hutcheson | Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-21 | Pedro Bueno | Cyber Security Awareness Month - Day 21 - Port 135
2009-10-17 | Rick Wanner | Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-15 | Deborah Hale | Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-11 | Mark Hofman | Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-08 | Johannes Ullrich | Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-05-02 | Rick Wanner | Significant increase in port 2967 traffic
2009-04-15 | Marcus Sachs | 2009 Data Breach Investigation Report
2009-01-21 | Raul Siles | Traffic increase for port UDP/8247
2008-12-16 | donald smith | Cisco's Annual Security report has been released.
2008-08-02 | Maarten Van Horenbeeck | A little of that human touch
2008-07-02 | Jim Clausing | The scoop on the spike in UDP port 7 traffic
2008-05-26 | Marcus Sachs | Port 1533 on the Rise
2008-04-27 | Marcus Sachs | What's With Port 20329?
2008-04-10 | Deborah Hale | DSLReports Being Attacked Again
2008-04-08 | Swa Frantzen | Symantec's Global Internet Security Threat Report
2006-11-29 | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple
2006-09-21 | Johannes Ullrich | Apple updates Airport Drivers

81

2020-12-18 | Jan Kopriva | A slightly optimistic tale of how patching went for CVE-2019-19781
2020-01-13 | Didier Stevens | Citrix ADC Exploits: Overview of Observed Payloads
2020-01-11 | Johannes Ullrich | Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-07 | Johannes Ullrich | A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
2019-03-09 | Guy Bruneau | A Comparison Study of SSH Port Activity - TCP 22 & 2222
2018-08-20 | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473)
2017-04-22 | Jim Clausing | WTF tcp port 81
2017-03-03 | Lorna Hutcheson | BitTorrent or Something Else?
2014-04-04 | Rob VandenBrink | Windows 8.1 Released
2012-05-16 | Johannes Ullrich | Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
2011-01-15 | Jim Clausing | What's up with port 8881?
2010-03-10 | Rob VandenBrink | Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication