[Dshield] port 515 surge
Johannes B. Ullrich
jullrich at euclidian.com
Thu Oct 25 20:00:08 GMT 2001
-----BEGIN PGP SIGNED MESSAGE-----
> I noticed in myreports.php that port 515 is not given a "danger" icon.
> It appears as benign as RealPlayer port 6970. These seem to be quite
> "evil" scans.. so shouldn't they at least get a status of "Medium"(A
> yellow dot)?
Thanks for the note. I made it a red dot (high) as it is unlikely that
someone is hitting it for legitimate reason.
I also made 'finger' (port 79) yellow. After all, it is more like
'knocking at the door' and I don't think there are any current
vulnerabilities going around for it.
(as you may realize, these ratings are somewhat subjective and of course
open for discussion. The idea is that 'red' or 'high' means that it is
unlikely that someone is connecting to the port by mistake or that active
exploits are being used against services on this ports.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the list