Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Another Call for Packets - Port 502 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Another Call for Packets - Port 502

Usually, I don't have two calls for packets on a shift, but this one definately bears looking into and hopefully finding an answer.  There is an increase on port 502, when you look at the targets, that started today.  Till today, life has been pretty quiet on that port.  Port 502 is a known port when dealing with SCADA systems.  According to an article on SCADA Honeynets, "Modbus TCP on port 502 is a widely used, standard SCADA protocol in PLC’s and other field devices that monitor sensors and control instruments." 

If you have packets, logs or ideas on this increase, please send them into us.

Lorna

165 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!