Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Port 2222 (tcp/udp) Attack Activity

SANS Site Network

Current Site

Internet Storm Center

Other SANS Sites Help

Graduate Degree Programs

Security Training

Security Certification

Security Awareness Training

Penetration Testing

Industrial Control Systems

Cyber Defense Foundations

DFIR

Software Security

Government OnSite Training

Port 2222 (tcp/udp) Attack Activity

Log In or Sign Up for Free!

Loading...

[get complete service list]

Port Information
Protocol	Service	Name
tcp	AMD	[trojan] Rootshell left by AMD exploit
tcp	rockwell-csp2	Rockwell CSP2
udp	rockwell-csp2	Rockwell CSP2
UDP	[ICS] Ethernet/IP	[ICS] Ethernet/IP

Top IPs Scanning
Today	Yesterday
46.101.43.235 (6153)	46.148.20.25 (20404)
46.101.89.150 (6082)	46.101.43.235 (9880)
83.97.20.46 (2931)	46.101.89.150 (9535)
5.101.64.77 (2612)	223.71.167.166 (3024)
185.209.0.59 (1229)	200.6.122.222 (1337)
112.85.42.194 (537)	209.141.37.159 (1230)
5.188.86.173 (473)	185.153.198.211 (1081)
5.188.86.172 (471)	112.85.42.194 (1012)
112.85.42.89 (468)	185.209.0.59 (957)
5.188.86.213 (455)	5.188.86.173 (922)

Port diary mentions
URL
2222tcp Probe Increase

User Comments
Submitted By	Date
Comment
	2004-09-09 06:58:57
Microsoft Office under Apple Macintosh OS-X broadcasts (255.255.255.255) UDP to port 2222, supposedly to check if anyone else is using the same version? s/n? of Office.
	2004-07-01 16:26:45
Looks like Macs use this port for networking.

CVE Links
CVE #	Description