Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Another Call for Packets - Port 502

Published: 2008-06-28
Last Updated: 2008-06-28 20:12:07 UTC
by Lorna Hutcheson (Version: 1)
0 comment(s)

Usually, I don't have two calls for packets on a shift, but this one definately bears looking into and hopefully finding an answer.  There is an increase on port 502, when you look at the targets, that started today.  Till today, life has been pretty quiet on that port.  Port 502 is a known port when dealing with SCADA systems.  According to an article on SCADA Honeynets, "Modbus TCP on port 502 is a widely used, standard SCADA protocol in PLC’s and other field devices that monitor sensors and control instruments." 

If you have packets, logs or ideas on this increase, please send them into us.

Keywords:
0 comment(s)
Diary Archives