Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Port 2222 (tcp/udp) Attack Activity


Port Information
Protocol  Service            Name
tcp       AMD                [trojan] Rootshell left by AMD exploit
tcp       rockwell-csp2      Rockwell CSP2
udp       rockwell-csp2      Rockwell CSP2
UDP       [ICS] Ethernet/IP  [ICS] Ethernet/IP
Top IPs Scanning
Port diary mentions
URL
2222tcp Probe Increase
User Comments
Submitted By Date
Comment
Johannes Ullrich 2020-09-16 13:54:15
Port 2222/udp is used by the Ethernet Industrial Protocol (Ethernet IP), which is used by industrial control systems (ICS).
Johannes Ullrich 2020-09-13 14:35:33
Schneider Modicon Quantum uses port 4418/TCP in addition to 502/TCP (MODBUS) and 2222/UDP (Ethernet Industrial Protocol). CVEs: CVE-2019-6815, CVE-2019-6816
2004-09-09 06:58:57
Microsoft Office under Apple Macintosh OS-X broadcasts (255.255.255.255) UDP to port 2222, supposedly to check if anyone else is using the same version? s/n? of Office.
2004-07-01 16:26:45
Looks like Macs use this port for networking.
CVE Links
CVE # Description
CVE-2007-0655
CVE-2018-18388