Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
TCP PORT 26
2021-02-25	Jim Clausing	So where did those Satori attacks come from?
2021-02-16	Jim Clausing	More weirdness on TCP port 26
TCP
2024-06-20/a>	Guy Bruneau	No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
2023-11-16/a>	Johannes Ullrich	Beyond -n: Optimizing tcpdump performance
2023-02-01/a>	Jesse La Grew	Rotating Packet Captures with pfSense
2022-06-20/a>	Johannes Ullrich	Odd TCP Fast Open Packets. Anybody understands why?
2022-03-20/a>	Didier Stevens	MGLNDD_* Scans
2021-05-30/a>	Didier Stevens	Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update
2021-02-25/a>	Jim Clausing	So where did those Satori attacks come from?
2021-02-16/a>	Jim Clausing	More weirdness on TCP port 26
2020-11-24/a>	Johannes Ullrich	The special case of TCP RST
2020-07-01/a>	Jim Clausing	Setting up the Dshield honeypot and tcp-honeypot.py
2020-06-28/a>	Guy Bruneau	tcp-honeypot.py Logstash Parser & Dashboard Update
2020-05-01/a>	Jim Clausing	Attack traffic on TCP port 9673
2020-01-12/a>	Guy Bruneau	ELK Dashboard and Logstash parser for tcp-honeypot Logs
2019-12-02/a>	Jim Clausing	Next up, what's up with TCP port 26?
2019-10-03/a>	Jim Clausing	Buffer overflows found in libpcap and tcpdump
2019-06-18/a>	Johannes Ullrich	What You Need To Know About TCP "SACK Panic"
2019-02-18/a>	Didier Stevens	Know What You Are Logging
2018-08-15/a>	Xavier Mertens	Truncating Payloads and Anonymizing PCAP files
2018-01-18/a>	Xavier Mertens	Comment your Packet Captures!
2017-09-28/a>	Xavier Mertens	The easy way to analyze huge amounts of PCAP data
2017-04-22/a>	Jim Clausing	WTF tcp port 81
2017-02-02/a>	Rick Wanner	New tcpdump release -> 4.9.0 http://www.tcpdump.org/#latest-release
2017-01-31/a>	Johannes Ullrich	Multiple Vulnerabilities in tcpdump
2017-01-28/a>	Guy Bruneau	Request for Packets and Logs - TCP 5358
2016-11-05/a>	Xavier Mertens	Full Packet Capture for Dummies
2016-10-22/a>	Guy Bruneau	Request for Packets TCP 4786 - CVE-2016-6385
2015-05-10/a>	Didier Stevens	Wireshark TCP Flags: How To Install On Windows Video
2015-04-05/a>	Didier Stevens	Wireshark TCP Flags
2015-03-16/a>	Johannes Ullrich	Automatically Documenting Network Connections From New Devices Connected to Home Networks
2014-01-11/a>	Guy Bruneau	tcpflow 1.4.4 and some of its most Interesting Features
2013-11-27/a>	Rob VandenBrink	ATM Traffic + TCPDump + Video = Good or Evil?
2013-11-13/a>	Johannes Ullrich	Packet Challenge for the Hivemind: What's happening with this Ethernet header?
2013-10-25/a>	Rob VandenBrink	Kaspersky flags TCPIP.SYS as Malware
2013-10-01/a>	Johannes Ullrich	iOS 7 Adds Multipath TCP
2012-01-06/a>	Guy Bruneau	New Version of tcpflow Available in Beta
2011-10-23/a>	Guy Bruneau	tcpdump and IPv6
2011-08-08/a>	Rob VandenBrink	Ping is Bad (Sometimes)
2011-03-07/a>	Lorna Hutcheson	Call for Packets - Unassigned TCP Options
2011-01-25/a>	Johannes Ullrich	Packet Tricks with xxd
2010-08-01/a>	Manuel Humberto Santander Pelaez	Evation because IPS fails to validate TCP checksums?
2010-06-15/a>	Manuel Humberto Santander Pelaez	TCP evasions for IDS/IPS
2010-06-03/a>	Johannes Ullrich	Top 10 Things you may not know about tcpdump
2010-02-23/a>	Mark Hofman	What is your firewall telling you and what is TCP249?
2009-11-18/a>	Rob VandenBrink	Using a Cisco Router as a “Remote Collector” for tcpdump or Wireshark
2009-06-28/a>	Guy Bruneau	IP Address Range Search with libpcap
2009-03-05/a>	Mark Hofman	What's up with port 445?
2008-10-01/a>	Rick Wanner	Handler Mailbag
PORT
2024-06-17/a>	Xavier Mertens	New NetSupport Campaign Delivered Through MSIX Packages
2024-04-25/a>	Jesse La Grew	Does it matter if iptables isn't running on my honeypot?
2023-08-18/a>	Xavier Mertens	From a Zalando Phishing to a RAT
2022-10-31/a>	Rob VandenBrink	NMAP without NMAP - Port Testing and Scanning with PowerShell
2022-10-21/a>	Brad Duncan	sczriptzzbn inject pushes malware for NetSupport RAT
2022-10-19/a>	Xavier Mertens	Are Internet Scanning Services Good or Bad for You?
2022-01-02/a>	Guy Bruneau	Exchange Server - Email Trapped in Transport Queues
2021-10-14/a>	Xavier Mertens	Port-Forwarding with Windows for the Win
2021-06-03/a>	Jim Clausing	Strange goings on with port 37
2021-02-25/a>	Jim Clausing	So where did those Satori attacks come from?
2021-02-16/a>	Jim Clausing	More weirdness on TCP port 26
2020-10-24/a>	Guy Bruneau	An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-02-05/a>	Brad Duncan	Fake browser update pages are "still a thing"
2019-11-19/a>	Johannes Ullrich	Cheap Chinese JAWS of DVR Exploitability on Port 60001
2019-08-01/a>	Johannes Ullrich	What is Listening On Port 9527/TCP?
2019-07-26/a>	Kevin Shortt	DVRIP Port 34567 - Uptick
2019-03-09/a>	Guy Bruneau	A Comparison Study of SSH Port Activity - TCP 22 & 2222
2018-12-16/a>	Guy Bruneau	Random Port Scan for Open RDP Backdoor
2018-01-09/a>	Jim Clausing	What is going on with port 3333?
2017-09-22/a>	Russell Eubanks	What is the State of Your Union?
2017-09-05/a>	Johannes Ullrich	The Mirai Botnet: A Look Back and Ahead At What's Next
2017-08-18/a>	Guy Bruneau	tshark 2.4 New Feature - Command Line Export Objects
2017-06-16/a>	Lorna Hutcheson	What is going on with Port 83?
2017-04-22/a>	Jim Clausing	WTF tcp port 81
2017-01-28/a>	Guy Bruneau	Request for Packets and Logs - TCP 5358
2017-01-10/a>	Johannes Ullrich	Port 37777 "MapTable" Requests
2016-05-26/a>	Xavier Mertens	Keeping an Eye on Tor Traffic
2016-04-25/a>	Guy Bruneau	Highlights from the 2016 HPE Annual Cyber Threat Report
2016-02-02/a>	Johannes Ullrich	Targeted IPv6 Scans Using pool.ntp.org .
2015-09-28/a>	Johannes Ullrich	"Transport of London" Malicious E-Mail
2015-06-27/a>	Guy Bruneau	Is Windows XP still around in your Network a year after Support Ended?
2015-04-08/a>	Tom Webb	Is it a breach or not?
2014-10-13/a>	Lorna Hutcheson	For or Against: Port Security for Network Access Control
2014-09-15/a>	Johannes Ullrich	Google DNS Server IP Address Spoofed for SNMP reflective Attacks
2014-07-05/a>	Guy Bruneau	Java Support ends for Windows XP
2014-06-11/a>	Daniel Wesemann	Help your pilot fly!
2014-05-23/a>	Richard Porter	Highlights from Cisco Live 2014 - The Internet of Everything
2014-03-26/a>	Johannes Ullrich	Let's Finally "Nail" This Port 5000 Traffic - Synology owners needed.
2014-03-13/a>	Daniel Wesemann	Identification and authentication are hard ... finding out intention is even harder
2014-03-06/a>	Mark Baggett	Port 5000 traffic and snort signature
2014-01-22/a>	Chris Mohan	Learning from the breaches that happens to others
2014-01-11/a>	Guy Bruneau	tcpflow 1.4.4 and some of its most Interesting Features
2014-01-02/a>	Johannes Ullrich	Scans Increase for New Linksys Backdoor (32764/TCP)
2013-11-25/a>	Johannes Ullrich	More Bad Port 0 Traffic
2013-11-22/a>	Rick Wanner	Port 0 DDOS
2013-10-30/a>	Russ McRee	SIR v15: Five good reasons to leave Windows XP behind
2013-05-19/a>	Kevin Shortt	Port 51616 - Got Packets?
2013-03-03/a>	Richard Porter	Uptick in MSSQL Activity
2013-01-08/a>	Richard Porter	Yahoo Web Interface Report: Compose and Send
2012-12-06/a>	Daniel Wesemann	Fake tech support calls - revisited
2012-10-03/a>	Kevin Shortt	Fake Support Calls Reported
2012-01-27/a>	Mark Hofman	CISCO Ironport C & M Series telnet vulnerability
2012-01-13/a>	Guy Bruneau	Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-11-11/a>	Rick Wanner	APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-10-25/a>	Chris Mohan	Recurring reporting made easy?
2011-08-25/a>	Kevin Shortt	Increased Traffic on Port 3389
2011-06-29/a>	Johannes Ullrich	Random SSL Tips and Tricks
2011-06-21/a>	Chris Mohan	Australian government security audit report shows tough love to agencies
2011-05-23/a>	Mark Hofman	Microsoft Support Scam (again)
2011-04-20/a>	Daniel Wesemann	Data Breach Investigations Report published by Verizon
2011-01-25/a>	Chris Mohan	Reviewing our preconceptions
2011-01-24/a>	Rob VandenBrink	Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-15/a>	Jim Clausing	What's up with port 8881?
2011-01-08/a>	Guy Bruneau	PandaLabs 2010 Annual Report
2010-11-24/a>	Jim Clausing	Help with odd port scans
2010-08-16/a>	Raul Siles	The Seven Deadly Sins of Security Vulnerability Reporting
2010-07-29/a>	Rob VandenBrink	The 2010 Verizon Data Breach Report is Out
2010-07-06/a>	Rob VandenBrink	Bogus Support Organizations use Live Operators to Install Malware
2010-06-15/a>	Manuel Humberto Santander Pelaez	Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-04-20/a>	Raul Siles	Are You Ready for a Transportation Collapse...?
2010-03-01/a>	Mark Hofman	Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-03/a>	Rob VandenBrink	Support for Legacy Browsers
2010-01-09/a>	G. N. White	What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2009-10-28/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25/a>	Lorna Hutcheson	Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-21/a>	Pedro Bueno	Cyber Security Awareness Month - Day 21 - Port 135
2009-10-17/a>	Rick Wanner	Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-15/a>	Deborah Hale	Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-11/a>	Mark Hofman	Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-08/a>	Johannes Ullrich	Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-05-02/a>	Rick Wanner	Significant increase in port 2967 traffic
2009-04-15/a>	Marcus Sachs	2009 Data Breach Investigation Report
2009-01-21/a>	Raul Siles	Traffic increase for port UDP/8247
2008-12-16/a>	donald smith	Cisco's Annual Security report has been released.
2008-08-02/a>	Maarten Van Horenbeeck	A little of that human touch
2008-07-02/a>	Jim Clausing	The scoop on the spike in UDP port 7 traffic
2008-05-26/a>	Marcus Sachs	Port 1533 on the Rise
2008-04-27/a>	Marcus Sachs	What's With Port 20329?
2008-04-10/a>	Deborah Hale	DSLReports Being Attacked Again
2008-04-08/a>	Swa Frantzen	Symantec's Global Internet Security Threat Report
2006-11-29/a>	Toby Kohlenberg	New Vulnerability Announcement and patches from Apple
2006-09-21/a>	Johannes Ullrich	Apple updates Airport Drivers
26
2023-02-22/a>	Johannes Ullrich	Internet Wide Scan Fingerprinting Confluence Servers
2022-04-28/a>	Johannes Ullrich	A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
2022-04-14/a>	Johannes Ullrich	An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
2021-11-20/a>	Guy Bruneau	Hikvision Security Cameras Potentially Exposed to Remote Code Execution
2021-02-25/a>	Jim Clausing	So where did those Satori attacks come from?
2021-02-16/a>	Jim Clausing	More weirdness on TCP port 26
2019-12-02/a>	Jim Clausing	Next up, what's up with TCP port 26?
2019-02-02/a>	Guy Bruneau	Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2014-02-27/a>	Richard Porter	DDoS and BCP 38
2011-04-21/a>	Guy Bruneau	Silverlight Update Available
2010-10-28/a>	Manuel Humberto Santander Pelaez	CVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability

TCP PORT 26

TCP

PORT

26