[Dshield] port 515 surge

Johannes B. Ullrich jullrich at euclidian.com
Thu Oct 25 20:00:08 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> I noticed in myreports.php that port 515 is not given a "danger" icon. 
> It appears as benign as RealPlayer port 6970. These seem to be quite 
> "evil" scans.. so shouldn't they at least get a status of "Medium"(A 
> yellow dot)?

Thanks for the note. I made it a red dot (high) as it is unlikely that 
someone is hitting it for legitimate reason.

I also made 'finger' (port 79) yellow. After all, it is more like 
'knocking at the door' and I don't think there are any current 
vulnerabilities going around for it.

(as you may realize, these ratings are somewhat subjective and of course 
open for discussion. The idea is that 'red' or 'high' means that it is 
unlikely that someone is connecting to the port by mistake or that active 
exploits are being used against services on this ports.)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE72G9KVOIizK5pIDMRArk9AKCdNYGEE9S6fRbLzkXbkFLsefEV3gCfcKEL
1mHZV1HYtebymYzTYdW+m00=
=j5bu
-----END PGP SIGNATURE-----




More information about the list mailing list