Internet Storm Center
Handler on Duty: Didier Stevens
Threat Level: green
Date
Author
Title
UDP PORT 7
2008-07-02
Jim Clausing
The scoop on the spike in UDP port 7 traffic
UDP
2021-06-03
Jim Clausing
Strange goings on with port 37
2020-09-01
Johannes Ullrich
Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
2017-06-16
Lorna Hutcheson
What is going on with Port 83?
2014-09-15
Johannes Ullrich
Google DNS Server IP Address Spoofed for SNMP reflective Attacks
2011-08-08
Rob VandenBrink
Ping is Bad (Sometimes)
2010-02-01
Rob VandenBrink
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2009-03-17
Johannes Ullrich
Identifying applications using UDP payload
2008-07-02
Jim Clausing
The scoop on the spike in UDP port 7 traffic
PORT
2024-06-17
Xavier Mertens
New NetSupport Campaign Delivered Through MSIX Packages
2024-04-25
Jesse La Grew
Does it matter if iptables isn't running on my honeypot?
2023-08-18
Xavier Mertens
From a Zalando Phishing to a RAT
2022-10-31
Rob VandenBrink
NMAP without NMAP - Port Testing and Scanning with PowerShell
2022-10-21
Brad Duncan
sczriptzzbn inject pushes malware for NetSupport RAT
2022-10-19
Xavier Mertens
Are Internet Scanning Services Good or Bad for You?
2022-01-02
Guy Bruneau
Exchange Server - Email Trapped in Transport Queues
2021-10-14
Xavier Mertens
Port-Forwarding with Windows for the Win
2021-06-03
Jim Clausing
Strange goings on with port 37
2021-02-25
Jim Clausing
So where did those Satori attacks come from?
2021-02-16
Jim Clausing
More weirdness on TCP port 26
2020-10-24
Guy Bruneau
An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-02-05
Brad Duncan
Fake browser update pages are "still a thing"
2019-11-19
Johannes Ullrich
Cheap Chinese JAWS of DVR Exploitability on Port 60001
2019-08-01
Johannes Ullrich
What is Listening On Port 9527/TCP?
2019-07-26
Kevin Shortt
DVRIP Port 34567 - Uptick
2019-03-09
Guy Bruneau
A Comparison Study of SSH Port Activity - TCP 22 & 2222
2018-12-16
Guy Bruneau
Random Port Scan for Open RDP Backdoor
2018-01-09
Jim Clausing
What is going on with port 3333?
2017-09-22
Russell Eubanks
What is the State of Your Union?
2017-09-05
Johannes Ullrich
The Mirai Botnet: A Look Back and Ahead At What's Next
2017-08-18
Guy Bruneau
tshark 2.4 New Feature - Command Line Export Objects
2017-06-16
Lorna Hutcheson
What is going on with Port 83?
2017-04-22
Jim Clausing
WTF tcp port 81
2017-01-28
Guy Bruneau
Request for Packets and Logs - TCP 5358
2017-01-10
Johannes Ullrich
Port 37777 "MapTable" Requests
2016-05-26
Xavier Mertens
Keeping an Eye on Tor Traffic
2016-04-25
Guy Bruneau
Highlights from the 2016 HPE Annual Cyber Threat Report
2016-02-02
Johannes Ullrich
Targeted IPv6 Scans Using pool.ntp.org .
2015-09-28
Johannes Ullrich
"Transport of London" Malicious E-Mail
2015-06-27
Guy Bruneau
Is Windows XP still around in your Network a year after Support Ended?
2015-04-08
Tom Webb
Is it a breach or not?
2014-10-13
Lorna Hutcheson
For or Against: Port Security for Network Access Control
2014-09-15
Johannes Ullrich
Google DNS Server IP Address Spoofed for SNMP reflective Attacks
2014-07-05
Guy Bruneau
Java Support ends for Windows XP
2014-06-11
Daniel Wesemann
Help your pilot fly!
2014-05-23
Richard Porter
Highlights from Cisco Live 2014 - The Internet of Everything
2014-03-26
Johannes Ullrich
Let's Finally "Nail" This Port 5000 Traffic - Synology owners needed.
2014-03-13
Daniel Wesemann
Identification and authentication are hard ... finding out intention is even harder
2014-03-06
Mark Baggett
Port 5000 traffic and snort signature
2014-01-22
Chris Mohan
Learning from the breaches that happens to others
2014-01-11
Guy Bruneau
tcpflow 1.4.4 and some of its most Interesting Features
2014-01-02
Johannes Ullrich
Scans Increase for New Linksys Backdoor (32764/TCP)
2013-11-25
Johannes Ullrich
More Bad Port 0 Traffic
2013-11-22
Rick Wanner
Port 0 DDOS
2013-10-30
Russ McRee
SIR v15: Five good reasons to leave Windows XP behind
2013-05-19
Kevin Shortt
Port 51616 - Got Packets?
2013-03-03
Richard Porter
Uptick in MSSQL Activity
2013-01-08
Richard Porter
Yahoo Web Interface Report: Compose and Send
2012-12-06
Daniel Wesemann
Fake tech support calls - revisited
2012-10-03
Kevin Shortt
Fake Support Calls Reported
2012-01-27
Mark Hofman
CISCO Ironport C & M Series telnet vulnerability
2012-01-13
Guy Bruneau
Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx
2011-11-11
Rick Wanner
APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-10-25
Chris Mohan
Recurring reporting made easy?
2011-08-25
Kevin Shortt
Increased Traffic on Port 3389
2011-06-29
Johannes Ullrich
Random SSL Tips and Tricks
2011-06-21
Chris Mohan
Australian government security audit report shows tough love to agencies
2011-05-23
Mark Hofman
Microsoft Support Scam (again)
2011-04-20
Daniel Wesemann
Data Breach Investigations Report published by Verizon
2011-01-25
Chris Mohan
Reviewing our preconceptions
2011-01-24
Rob VandenBrink
Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool
2011-01-15
Jim Clausing
What's up with port 8881?
2011-01-08
Guy Bruneau
PandaLabs 2010 Annual Report
2010-11-24
Jim Clausing
Help with odd port scans
2010-08-16
Raul Siles
The Seven Deadly Sins of Security Vulnerability Reporting
2010-07-29
Rob VandenBrink
The 2010 Verizon Data Breach Report is Out
2010-07-06
Rob VandenBrink
Bogus Support Organizations use Live Operators to Install Malware
2010-06-15
Manuel Humberto Santander Pelaez
Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-04-20
Raul Siles
Are You Ready for a Transportation Collapse...?
2010-03-01
Mark Hofman
Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it is time to update.
2010-02-03
Rob VandenBrink
Support for Legacy Browsers
2010-01-09
G. N. White
What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2009-10-28
Johannes Ullrich
Cyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25
Lorna Hutcheson
Cyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-21
Pedro Bueno
Cyber Security Awareness Month - Day 21 - Port 135
2009-10-17
Rick Wanner
Cyber Security Awareness Month - Day 17 - Port 22/SSH
2009-10-15
Deborah Hale
Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email
2009-10-11
Mark Hofman
Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-08
Johannes Ullrich
Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
2009-05-02
Rick Wanner
Significant increase in port 2967 traffic
2009-04-15
Marcus Sachs
2009 Data Breach Investigation Report
2009-01-21
Raul Siles
Traffic increase for port UDP/8247
2008-12-16
donald smith
Cisco's Annual Security report has been released.
2008-08-02
Maarten Van Horenbeeck
A little of that human touch
2008-07-02
Jim Clausing
The scoop on the spike in UDP port 7 traffic
2008-05-26
Marcus Sachs
Port 1533 on the Rise
2008-04-27
Marcus Sachs
What's With Port 20329?
2008-04-10
Deborah Hale
DSLReports Being Attacked Again
2008-04-08
Swa Frantzen
Symantec's Global Internet Security Threat Report
2006-11-29
Toby Kohlenberg
New Vulnerability Announcement and patches from Apple
2006-09-21
Johannes Ullrich
Apple updates Airport Drivers
7
2024-09-25
Guy Bruneau
OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary]
2023-07-12
Brad Duncan
Loader activity for Formbook "QM18"
2023-06-22
Brad Duncan
Qakbot (Qbot) activity, obama271 distribution tag
2023-06-17
Brad Duncan
Formbook from Possible ModiLoader (DBatLoader)
2023-05-14
Guy Bruneau
VMware Aria Operations addresses multiple Local Privilege Escalations and a Deserialization issue
2023-02-28
Brad Duncan
BB17 distribution Qakbot (Qbot) activity
2022-12-16
Guy Bruneau
VMware Security Updates
2022-09-06
Didier Stevens
Analysis of an Encoded Cobalt Strike Beacon
2022-09-04
Didier Stevens
Video: VBA Maldoc & UTF7 (APT-C-35)
2022-08-29
Didier Stevens
Update: VBA Maldoc & UTF7 (APT-C-35)
2022-08-28
Didier Stevens
Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons
2022-08-26
Guy Bruneau
HTTP/2 Packet Analysis with Wireshark
2022-08-16
Didier Stevens
VBA Maldoc & UTF7 (APT-C-35)
2022-08-14
Johannes Ullrich
Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255
2022-07-09
Didier Stevens
7-Zip Editing & MoW
2022-07-04
Didier Stevens
7-Zip & MoW: "For Office files"
2022-07-03
Didier Stevens
7-Zip & MoW
2022-06-09
Brad Duncan
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
2022-05-11
Brad Duncan
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
2022-01-12
Johannes Ullrich
A Quick CVE-2022-21907 FAQ
2021-12-18
Guy Bruneau
VMware Security Update - https://www.vmware.com/security/advisories/VMSA-2021-0030.html
2021-10-16
Guy Bruneau
Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-06
Johannes Ullrich
Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
2021-06-30
Johannes Ullrich
CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
2021-06-26
Guy Bruneau
CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-06-03
Jim Clausing
Strange goings on with port 37
2021-04-08
Xavier Mertens
Simple Powershell Ransomware Creating a 7Z Archive of your Files
2021-02-24
Brad Duncan
Malspam pushes GuLoader for Remcos RAT
2020-12-18
Jan Kopriva
A slightly optimistic tale of how patching went for CVE-2019-19781
2020-10-28
Jan Kopriva
SMBGhost - the critical vulnerability many seem to have forgotten to patch
2020-08-08
Guy Bruneau
Scanning Activity Include Netcat Listener
2020-05-01
Jim Clausing
Attack traffic on TCP port 9673
2020-01-13
Didier Stevens
Citrix ADC Exploits: Overview of Observed Payloads
2020-01-11
Johannes Ullrich
Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
2020-01-09
Kevin Shortt
Windows 7 - End of Life
2020-01-07
Johannes Ullrich
A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
2019-11-06
Brad Duncan
More malspam pushing Formbook
2019-08-01
Johannes Ullrich
What is Listening On Port 9527/TCP?
2019-07-26
Kevin Shortt
DVRIP Port 34567 - Uptick
2019-06-19
Johannes Ullrich
Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
2019-05-22
Johannes Ullrich
An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-04-28
Johannes Ullrich
Update about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
2019-02-02
Guy Bruneau
Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269
2019-01-14
Rob VandenBrink
Still Running Windows 7? Time to think about that upgrade project!
2018-08-20
Didier Stevens
OpenSSH user enumeration (CVE-2018-15473)
2017-08-26
Didier Stevens
Malware analysis: searching for dots
2017-07-01
Rick Wanner
Using nmap to scan for MS17-010 (CVE-2017-0143 EternalBlue)
2017-05-13
Guy Bruneau
Microsoft Released Guidance for WannaCrypt
2017-01-10
Johannes Ullrich
Port 37777 "MapTable" Requests
2016-10-22
Guy Bruneau
Request for Packets TCP 4786 - CVE-2016-6385
2016-06-15
Richard Porter
Warp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-02-13
Guy Bruneau
VMware VMSA-2015-0007.3 has been Re-released
2016-01-31
Guy Bruneau
OpenSSL 1.0.2 Advisory and Update
2015-11-21
Guy Bruneau
Nmap 7.00 is out!
2015-08-12
Rob VandenBrink
Wireshark 1.12.7 is released, multiple fixes. Find the release notes at: https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html and the binaries at: https://www.wireshark.org/download.html
2014-09-25
Johannes Ullrich
Update on CVE-2014-6271: Vulnerability in bash (shellshock)
2014-09-24
Pedro Bueno
Attention *NIX admins, time to patch!
2014-07-07
Johannes Ullrich
Multi Platform *Coin Miner Attacking Routers on Port 32764
2014-03-24
Johannes Ullrich
New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
2014-02-27
Richard Porter
DDoS and BCP 38
2014-02-07
Rob VandenBrink
New ISO Standards on Vulnerability Handling and Disclosure
2013-12-05
Mark Hofman
Updated Standards Part 1 - ISO 27001
2013-11-14
Johannes Ullrich
iOS 7.0.4 released. Fixes issue with unauthorized in App purchases http://lists.apple.com/archives/security-announce/2013/Nov/msg00000.html
2013-11-09
Guy Bruneau
IE Zero-Day Vulnerability Exploiting msvcrt.dll
2013-09-17
John Bambenek
Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
2013-05-09
Johannes Ullrich
Microsoft released a Fix-it for the Internet Explorer 8 Vulnerability http://support.microsoft.com/kb/2847140
2013-04-16
Rob VandenBrink
Java 7 Update 21 is available - Watch for Behaviour Changes !
2013-03-25
Johannes Ullrich
IPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-19
Johannes Ullrich
Windows 7 SP1 and Windows Server 2008 R2 SP1 Being "pushed" today
2013-01-09
Richard Porter
The 80's called - They Want Their Mainframe Back!
2013-01-04
Guy Bruneau
"FixIt" Patch for CVE-2012-4792 Bypassed
2012-10-17
Rob VandenBrink
Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-08
Mark Hofman
Cyber Security Awareness Month - Day 8 ISO 27001
2012-09-21
Guy Bruneau
IE Cumulative Updates MS12-063 - KB2744842
2012-09-21
Guy Bruneau
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)
2012-09-17
Rob VandenBrink
IE Zero Day is "For Real"
2012-07-19
Mark Baggett
Diagnosing Malware with Resource Monitor
2012-06-18
Guy Bruneau
CVE-2012-1875 exploit is now available
2012-05-25
Guy Bruneau
Technical Analysis of Flash Player CVE-2012-0779
2012-05-05
Tony Carothers
Vulnerability Exploit for Snow Leopard
2012-04-27
Mark Hofman
Microsoft has added MSSQL 2008 R2 SP1 to the list of affected software for MS12-027 (Thanks Ryan). More info here --> http://technet.microsoft.com/security/bulletin/ms12-027
2011-12-21
Johannes Ullrich
New Vulnerability in Windows 7 64 bit
2011-11-03
Richard Porter
An Apple, Inc. Sandbox to play in.
2011-06-01
Johannes Ullrich
Enabling Privacy Enhanced Addresses for IPv6
2011-02-23
Johannes Ullrich
Windows 7 Service Pack 1 out
2010-12-20
Guy Bruneau
Patch Issues with Outlook 2007
2010-09-17
Robert Danford
Circa 2007 Linux Kernel Vulnerability Resurfaces (Was CVE-2007-4573, Now CVE-2010-3301)
2010-08-22
Manuel Humberto Santander Pelaez
SCADA: A big challenge for information security professionals
2010-07-20
Manuel Humberto Santander Pelaez
iTunes buffer overflow vulnerability
2010-07-20
Manuel Humberto Santander Pelaez
Truecrypt 7.0 released
2010-03-10
Rob VandenBrink
Microsoft Security Advisory 981374 - Remote Code Execution Vulnerability for IE6 and IE7
2010-03-10
Rob VandenBrink
Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
2010-02-21
Tony Carothers
TCP Port 12174 Request For Packets
2009-12-29
Rick Wanner
What's up with port 12174? Possible Symantec server compromise?
2009-11-22
Marcus Sachs
IE6 and IE7 0-Day Reported
2009-11-14
Adrien de Beaupre
Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12
Rob VandenBrink
Windows 7 / Windows Server 2008 Remote SMB Exploit
2009-11-07
Marcus Sachs
More Thoughts on Legacy Systems
2009-10-24
Marcus Sachs
Windows 7 - How is it doing?
2009-10-06
Adrien de Beaupre
Cyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05
Adrien de Beaupre
Cyber Security Awareness Month - Day 5 port 31337
2009-07-16
Guy Bruneau
Changes in Windows Security Center
2009-05-28
Stephen Hall
Microsoft DirectShow vulnerability
2009-05-27
donald smith
WebDAV write-up
2009-05-02
Rick Wanner
Significant increase in port 2967 traffic
2009-02-13
Andre Ludwig
Third party information on conficker
2009-01-31
Swa Frantzen
Windows 7 - not so secure ?
2009-01-12
William Salusky
Downadup / Conficker - MS08-067 exploit and Windows domain account lockout
2008-08-10
Stephen Hall
Fake IE 7 update spam doing the rounds
2008-08-02
Maarten Van Horenbeeck
Issues affecting sites using Sitemeter [resolved]
2008-07-02
Jim Clausing
The scoop on the spike in UDP port 7 traffic
2006-11-20
Joel Esler
MS06-070 Remote Exploit