PORT 6000 SCANNING |
| 2010-01-09 | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port? |
PORT |
| 2025-04-06/a> | Johannes Ullrich | New SSH Username Report |
| 2025-02-26/a> | Jesse La Grew | [Guest Diary] Malware Source Servers: The Threat of Attackers Using Ephemeral Ports as Service Ports to Upload Data |
| 2025-01-23/a> | Johannes Ullrich | XSS Attempts via E-Mail |
| 2024-06-17/a> | Xavier Mertens | New NetSupport Campaign Delivered Through MSIX Packages |
| 2024-04-25/a> | Jesse La Grew | Does it matter if iptables isn't running on my honeypot? |
| 2023-08-18/a> | Xavier Mertens | From a Zalando Phishing to a RAT |
| 2022-10-31/a> | Rob VandenBrink | NMAP without NMAP - Port Testing and Scanning with PowerShell |
| 2022-10-21/a> | Brad Duncan | sczriptzzbn inject pushes malware for NetSupport RAT |
| 2022-10-19/a> | Xavier Mertens | Are Internet Scanning Services Good or Bad for You? |
| 2022-01-02/a> | Guy Bruneau | Exchange Server - Email Trapped in Transport Queues |
| 2021-10-14/a> | Xavier Mertens | Port-Forwarding with Windows for the Win |
| 2021-06-03/a> | Jim Clausing | Strange goings on with port 37 |
| 2021-02-25/a> | Jim Clausing | So where did those Satori attacks come from? |
| 2021-02-16/a> | Jim Clausing | More weirdness on TCP port 26 |
| 2020-10-24/a> | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1 |
| 2020-02-05/a> | Brad Duncan | Fake browser update pages are "still a thing" |
| 2019-11-19/a> | Johannes Ullrich | Cheap Chinese JAWS of DVR Exploitability on Port 60001 |
| 2019-08-01/a> | Johannes Ullrich | What is Listening On Port 9527/TCP? |
| 2019-07-26/a> | Kevin Shortt | DVRIP Port 34567 - Uptick |
| 2019-03-09/a> | Guy Bruneau | A Comparison Study of SSH Port Activity - TCP 22 & 2222 |
| 2018-12-16/a> | Guy Bruneau | Random Port Scan for Open RDP Backdoor |
| 2018-01-09/a> | Jim Clausing | What is going on with port 3333? |
| 2017-09-22/a> | Russell Eubanks | What is the State of Your Union? |
| 2017-09-05/a> | Johannes Ullrich | The Mirai Botnet: A Look Back and Ahead At What's Next |
| 2017-08-18/a> | Guy Bruneau | tshark 2.4 New Feature - Command Line Export Objects |
| 2017-06-16/a> | Lorna Hutcheson | What is going on with Port 83? |
| 2017-04-22/a> | Jim Clausing | WTF tcp port 81 |
| 2017-01-28/a> | Guy Bruneau | Request for Packets and Logs - TCP 5358 |
| 2017-01-10/a> | Johannes Ullrich | Port 37777 "MapTable" Requests |
| 2016-05-26/a> | Xavier Mertens | Keeping an Eye on Tor Traffic |
| 2016-04-25/a> | Guy Bruneau | Highlights from the 2016 HPE Annual Cyber Threat Report |
| 2016-02-02/a> | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org . |
| 2015-09-28/a> | Johannes Ullrich | "Transport of London" Malicious E-Mail |
| 2015-06-27/a> | Guy Bruneau | Is Windows XP still around in your Network a year after Support Ended? |
| 2015-04-08/a> | Tom Webb | Is it a breach or not? |
| 2014-10-13/a> | Lorna Hutcheson | For or Against: Port Security for Network Access Control |
| 2014-09-15/a> | Johannes Ullrich | Google DNS Server IP Address Spoofed for SNMP reflective Attacks |
| 2014-07-05/a> | Guy Bruneau | Java Support ends for Windows XP |
| 2014-06-11/a> | Daniel Wesemann | Help your pilot fly! |
| 2014-05-23/a> | Richard Porter | Highlights from Cisco Live 2014 - The Internet of Everything |
| 2014-03-26/a> | Johannes Ullrich | Let's Finally "Nail" This Port 5000 Traffic - Synology owners needed. |
| 2014-03-13/a> | Daniel Wesemann | Identification and authentication are hard ... finding out intention is even harder |
| 2014-03-06/a> | Mark Baggett | Port 5000 traffic and snort signature |
| 2014-01-22/a> | Chris Mohan | Learning from the breaches that happens to others |
| 2014-01-11/a> | Guy Bruneau | tcpflow 1.4.4 and some of its most Interesting Features |
| 2014-01-02/a> | Johannes Ullrich | Scans Increase for New Linksys Backdoor (32764/TCP) |
| 2013-11-25/a> | Johannes Ullrich | More Bad Port 0 Traffic |
| 2013-11-22/a> | Rick Wanner | Port 0 DDOS |
| 2013-10-30/a> | Russ McRee | SIR v15: Five good reasons to leave Windows XP behind |
| 2013-05-19/a> | Kevin Shortt | Port 51616 - Got Packets? |
| 2013-03-03/a> | Richard Porter | Uptick in MSSQL Activity |
| 2013-01-08/a> | Richard Porter | Yahoo Web Interface Report: Compose and Send |
| 2012-12-06/a> | Daniel Wesemann | Fake tech support calls - revisited |
| 2012-10-03/a> | Kevin Shortt | Fake Support Calls Reported |
| 2012-01-27/a> | Mark Hofman | CISCO Ironport C & M Series telnet vulnerability |
| 2012-01-13/a> | Guy Bruneau | Sysinternals Updates - http://blogs.technet.com/b/sysinternals/archive/2012/01/13/updates-autoruns-v11-21-coreinfo-v3-03-portmon-v-3-03-process-explorer-v15-12-mark-s-blog-and-mark-at-rsa-2012.aspx |
| 2011-11-11/a> | Rick Wanner | APPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update |
| 2011-10-25/a> | Chris Mohan | Recurring reporting made easy? |
| 2011-08-25/a> | Kevin Shortt | Increased Traffic on Port 3389 |
| 2011-06-29/a> | Johannes Ullrich | Random SSL Tips and Tricks |
| 2011-06-21/a> | Chris Mohan | Australian government security audit report shows tough love to agencies |
| 2011-05-23/a> | Mark Hofman | Microsoft Support Scam (again) |
| 2011-04-20/a> | Daniel Wesemann | Data Breach Investigations Report published by Verizon |
| 2011-01-25/a> | Chris Mohan | Reviewing our preconceptions |
| 2011-01-24/a> | Rob VandenBrink | Where have all the COM Ports Gone? - How enumerating COM ports led to me finding a “misplaced” Microsoft tool |
| 2011-01-15/a> | Jim Clausing | What's up with port 8881? |
| 2011-01-08/a> | Guy Bruneau | PandaLabs 2010 Annual Report |
| 2010-11-24/a> | Jim Clausing | Help with odd port scans |
| 2010-08-16/a> | Raul Siles | The Seven Deadly Sins of Security Vulnerability Reporting |
| 2010-07-29/a> | Rob VandenBrink | The 2010 Verizon Data Breach Report is Out |
| 2010-07-06/a> | Rob VandenBrink | Bogus Support Organizations use Live Operators to Install Malware |
| 2010-06-15/a> | Manuel Humberto Santander Pelaez | Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild |
| 2010-04-20/a> | Raul Siles | Are You Ready for a Transportation Collapse...? |
| 2010-03-01/a> | Mark Hofman | Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update. |
| 2010-02-03/a> | Rob VandenBrink | Support for Legacy Browsers |
| 2010-01-09/a> | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port? |
| 2009-10-28/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 28 - ntp (123/udp) |
| 2009-10-25/a> | Lorna Hutcheson | Cyber Security Awareness Month - Day 25 - Port 80 and 443 |
| 2009-10-21/a> | Pedro Bueno | Cyber Security Awareness Month - Day 21 - Port 135 |
| 2009-10-17/a> | Rick Wanner | Cyber Security Awareness Month - Day 17 - Port 22/SSH |
| 2009-10-15/a> | Deborah Hale | Cyber Security Awareness Month - Day 15 - Ports 995, 465, and 993 - Secure Email |
| 2009-10-11/a> | Mark Hofman | Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP) |
| 2009-10-08/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 8 - Port 25 - SMTP |
| 2009-05-02/a> | Rick Wanner | Significant increase in port 2967 traffic |
| 2009-04-15/a> | Marcus Sachs | 2009 Data Breach Investigation Report |
| 2009-01-21/a> | Raul Siles | Traffic increase for port UDP/8247 |
| 2008-12-16/a> | donald smith | Cisco's Annual Security report has been released. |
| 2008-08-02/a> | Maarten Van Horenbeeck | A little of that human touch |
| 2008-07-02/a> | Jim Clausing | The scoop on the spike in UDP port 7 traffic |
| 2008-05-26/a> | Marcus Sachs | Port 1533 on the Rise |
| 2008-04-27/a> | Marcus Sachs | What's With Port 20329? |
| 2008-04-10/a> | Deborah Hale | DSLReports Being Attacked Again |
| 2008-04-08/a> | Swa Frantzen | Symantec's Global Internet Security Threat Report |
| 2006-11-29/a> | Toby Kohlenberg | New Vulnerability Announcement and patches from Apple |
| 2006-09-21/a> | Johannes Ullrich | Apple updates Airport Drivers |
6000 |
| 2019-11-19/a> | Johannes Ullrich | Cheap Chinese JAWS of DVR Exploitability on Port 60001 |
| 2010-01-09/a> | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port? |
SCANNING |
| 2025-04-29/a> | Guy Bruneau | Web Scanning Sonicwall for CVE-2021-20016 |
| 2024-07-16/a> | Guy Bruneau | Who You Gonna Call? AndroxGh0st Busters! [Guest Diary] |
| 2024-03-06/a> | Bojan Zdrnja | Scanning and abusing the QUIC protocol |
| 2023-09-23/a> | Guy Bruneau | Scanning for Laravel - a PHP Framework for Web Artisants |
| 2023-08-20/a> | Guy Bruneau | SystemBC Malware Activity |
| 2022-08-26/a> | Guy Bruneau | HTTP/2 Packet Analysis with Wireshark |
| 2022-07-23/a> | Guy Bruneau | Analysis of SSH Honeypot Data with PowerBI |
| 2021-10-30/a> | Guy Bruneau | Remote Desktop Protocol (RDP) Discovery |
| 2021-10-09/a> | Guy Bruneau | Scanning for Previous Oracle WebLogic Vulnerabilities |
| 2021-08-13/a> | Guy Bruneau | Scanning for Microsoft Exchange eDiscovery |
| 2021-07-10/a> | Guy Bruneau | Scanning for Microsoft Secure Socket Tunneling Protocol |
| 2021-06-26/a> | Guy Bruneau | CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability |
| 2021-06-12/a> | Guy Bruneau | Fortinet Targeted for Unpatched SSL VPN Discovery Activity |
| 2021-05-08/a> | Guy Bruneau | Who is Probing the Internet for Research Purposes? |
| 2021-04-24/a> | Guy Bruneau | Base64 Hashes Used in Web Scanning |
| 2021-02-13/a> | Guy Bruneau | Using Logstash to Parse IPtables Firewall Logs |
| 2020-12-05/a> | Guy Bruneau | Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz? |
| 2020-12-04/a> | Guy Bruneau | Detecting Actors Activity with Threat Intel |
| 2020-10-24/a> | Guy Bruneau | An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1 |
| 2020-10-03/a> | Guy Bruneau | Scanning for SOHO Routers |
| 2020-08-22/a> | Guy Bruneau | Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common? |
| 2020-08-08/a> | Guy Bruneau | Scanning Activity Include Netcat Listener |
| 2020-07-19/a> | Guy Bruneau | Scanning Activity for ZeroShell Unauthenticated Access |
| 2020-07-11/a> | Guy Bruneau | Scanning Home Internet Facing Devices to Exploit |
| 2020-06-13/a> | Guy Bruneau | Mirai Botnet Activity |
| 2020-05-16/a> | Guy Bruneau | Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP) |
| 2020-04-07/a> | Johannes Ullrich | Increase in RDP Scanning |
| 2020-03-21/a> | Guy Bruneau | Honeypot - Scanning and Targeting Devices & Services |
| 2020-02-29/a> | Guy Bruneau | Hazelcast IMDG Discover Scan |
| 2019-11-23/a> | Guy Bruneau | Local Malware Analysis with Malice |
| 2019-11-03/a> | Didier Stevens | You Too? "Unusual Activity with Double Base64 Encoding" |
| 2019-10-20/a> | Guy Bruneau | Scanning Activity for NVMS-9000 Digital Video Recorder |
| 2019-09-07/a> | Guy Bruneau | Unidentified Scanning Activity |
| 2018-12-23/a> | Guy Bruneau | Scanning Activity, end Goal is to add Hosts to Mirai Botnet |
| 2017-11-13/a> | Guy Bruneau | jsonrpc Scanning for root account |
| 2017-04-22/a> | Jim Clausing | WTF tcp port 81 |
| 2016-02-02/a> | Johannes Ullrich | Targeted IPv6 Scans Using pool.ntp.org . |
| 2014-09-19/a> | Guy Bruneau | Web Scan looking for /info/whitelist.pac |
| 2014-02-15/a> | Rob VandenBrink | More on HNAP - What is it, How to Use it, How to Find it |
| 2014-02-13/a> | Johannes Ullrich | Linksys Worm ("TheMoon") Captured |
| 2014-02-12/a> | Johannes Ullrich | Suspected Mass Exploit Against Linksys E1000 / E1200 Routers |
| 2013-12-19/a> | Rob VandenBrink | Passive Scanning Two Ways - How-Tos for the Holidays |
| 2013-12-09/a> | Rob VandenBrink | Scanning without Scanning |
| 2013-10-17/a> | Adrien de Beaupre | Internet wide DNS scanning |
| 2013-08-19/a> | Rob VandenBrink | ZMAP 1.02 released |
| 2012-11-30/a> | Daniel Wesemann | Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html |
| 2012-06-27/a> | Daniel Wesemann | What's up with port 79 ? |
| 2011-07-17/a> | Mark Hofman | SSH Brute Force |
| 2011-02-28/a> | Deborah Hale | Possible Botnet Scanning |
| 2010-08-10/a> | Daniel Wesemann | SSH - new brute force tool? |
| 2010-02-01/a> | Rob VandenBrink | NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care? |
| 2010-01-09/a> | G. N. White | What's Up With All The Port Scanning Using TCP/6000 As A Source Port? |
| 2009-06-26/a> | Mark Hofman | PHPMYADMIN scans |
| 2009-06-24/a> | Kyle Haugsness | TCP scanning increase for 4899 |
| 2009-02-01/a> | Chris Carboni | Scanning for Trixbox vulnerabilities |
