Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Another Call for Packets - Port 502 SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Another Call for Packets - Port 502

Usually, I don't have two calls for packets on a shift, but this one definately bears looking into and hopefully finding an answer.  There is an increase on port 502, when you look at the targets, that started today.  Till today, life has been pretty quiet on that port.  Port 502 is a known port when dealing with SCADA systems.  According to an article on SCADA Honeynets, "Modbus TCP on port 502 is a widely used, standard SCADA protocol in PLC’s and other field devices that monitor sensors and control instruments." 

If you have packets, logs or ideas on this increase, please send them into us.

Lorna

165 Posts
ISC Handler
Jun 28th 2008

Sign Up for Free or Log In to start participating in the conversation!