Diaries by Keyword - SANS Internet Storm Center

Participate: Learn more about our honeypot network
https://isc.sans.edu/tools/honeypot/

Handler on Duty: Jesse La Grew

Threat Level: green

Date	Author	Title
NMAP 520 UDP PROTOCOL SPECIFIC SCANNING
2010-02-01	Rob VandenBrink	NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
NMAP
2022-10-31/a>	Rob VandenBrink	NMAP without NMAP - Port Testing and Scanning with PowerShell
2022-05-25/a>	Rob VandenBrink	Using NMAP to Assess Hosts in Load Balanced Clusters
2022-02-03/a>	Johannes Ullrich	Keeping Track of Your Attack Surface for Cheap
2021-05-31/a>	Rick Wanner	Quick and dirty Python: nmap
2021-01-25/a>	Rob VandenBrink	Fun with NMAP NSE Scripts and DOH (DNS over HTTPS)
2020-05-18/a>	Rick Wanner	Automating nmap scans
2020-05-09/a>	Rick Wanner	Nmap Basics - The Security Practitioner's Swiss Army Knife
2020-05-08/a>	Xavier Mertens	Using Nmap As a Lightweight Vulnerability Scanner
2020-05-07/a>	Bojan Zdrnja	Scanning with nmap?s NSE scripts
2019-08-11/a>	Didier Stevens	Nmap Defcon Release: 7.80
2019-08-07/a>	Bojan Zdrnja	Verifying SSL/TLS configuration (part 2)
2019-07-23/a>	Bojan Zdrnja	Verifying SSL/TLS configuration (part 1)
2019-05-26/a>	Didier Stevens	Video: nmap Service Detection Customization
2017-08-01/a>	Rob VandenBrink	Rooting Out Hosts that Support Older Samba Versions
2017-07-01/a>	Rick Wanner	Using nmap to scan for MS17-010 (CVE-2017-0143 EternalBlue)
2017-01-13/a>	Xavier Mertens	Who's Attacking Me?
2016-02-02/a>	Johannes Ullrich	Targeted IPv6 Scans Using pool.ntp.org .
2016-01-26/a>	Rob VandenBrink	Pentest Time Machine: NMAP + Powershell + whatever tool is next
2015-11-21/a>	Guy Bruneau	Nmap 7.00 is out!
2015-11-08/a>	Rick Wanner	DNS Reconnaissance using nmap
2014-08-12/a>	Adrien de Beaupre	Host discovery with nmap
2014-08-11/a>	Bojan Zdrnja	Verifying preferred SSL/TLS ciphers with Nmap
2014-06-02/a>	Rick Wanner	Using nmap to scan for DDOS reflectors
2013-11-04/a>	Manuel Humberto Santander Pelaez	When attackers use your DNS to check for the sites you are visiting
2013-08-19/a>	Rob VandenBrink	NMAP 6.40 Released (www.nmap.org), Release Notes at www.nmap.org/changelog.html
2013-07-20/a>	Manuel Humberto Santander Pelaez	Do you have rogue Internet gateways in your network? Check it with nmap
2013-07-01/a>	Manuel Humberto Santander Pelaez	Using nmap scripts to enhance vulnerability asessment results
2012-11-30/a>	Daniel Wesemann	Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html
2012-06-24/a>	Rick Wanner	nmap 6.01 released - http://nmap.org/download.html
2012-05-22/a>	Johannes Ullrich	nmap 6 released
2012-03-09/a>	Guy Bruneau	Nmap 5.61TEST5 released with 43 new scripts,improved OS & version detection, and more available for download - http://nmap.org/download.html
2012-01-03/a>	Rick Wanner	nmap 5.61TEST4 released
2011-12-06/a>	Kevin Shortt	C\|Net download.com serving malware with nmap software
2011-01-28/a>	Guy Bruneau	Nmap 5.50 Released
2010-03-29/a>	Adrien de Beaupre	Nmap 5.30BETA1 released
2010-02-10/a>	Marcus Sachs	Datacenters and Directory Traversals
2010-02-01/a>	Rob VandenBrink	NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-27/a>	Raul Siles	Nmap 5.21 released (nmap.org): bug-fix only release.
2010-01-20/a>	Guy Bruneau	New stable version of Nmap (5.20) available for download: http://nmap.org/download.html
2009-09-07/a>	Jim Clausing	Seclists.org is finally back
2009-07-16/a>	Bojan Zdrnja	Nmap 5.0 released
2009-05-24/a>	Raul Siles	IIS admins, help finding WebDAV remotely using nmap
2009-03-28/a>	Rick Wanner	New Beta release of Nmap
2009-01-21/a>	Raul Siles	NMAP Trivia ANSWERS: Mastering Network Mapping and Scanning
2008-12-28/a>	Raul Siles	NMAP Trivia: Mastering Network Mapping and Scanning
2008-09-20/a>	Rick Wanner	New (to me) nmap Features
2008-09-10/a>	Adrien de Beaupre	Mailbag: OSSEC 1.6 released, NMAP 4.75 released
2006-12-08/a>	Jim Clausing	nmap-4.20 released
520
2010-02-01/a>	Rob VandenBrink	NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
UDP
2021-06-03/a>	Jim Clausing	Strange goings on with port 37
2020-09-01/a>	Johannes Ullrich	Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
2017-06-16/a>	Lorna Hutcheson	What is going on with Port 83?
2014-09-15/a>	Johannes Ullrich	Google DNS Server IP Address Spoofed for SNMP reflective Attacks
2011-08-08/a>	Rob VandenBrink	Ping is Bad (Sometimes)
2010-02-01/a>	Rob VandenBrink	NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2009-03-17/a>	Johannes Ullrich	Identifying applications using UDP payload
2008-07-02/a>	Jim Clausing	The scoop on the spike in UDP port 7 traffic
PROTOCOL
2022-05-30/a>	Xavier Mertens	New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2013-04-14/a>	Johannes Ullrich	Protocol 61 Packets Follow Up
2013-03-09/a>	Guy Bruneau	IPv6 Focus Month: IPv6 Encapsulation - Protocol 41
2012-03-16/a>	Russ McRee	MS12-020 RDP vulnerabilities: Patch, Mitigate, Detect
2010-02-01/a>	Rob VandenBrink	NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2009-11-05/a>	Swa Frantzen	TLS Man-in-the-middle on renegotiation vulnerability made public
2009-09-07/a>	Jim Clausing	Request for packets
SPECIFIC
2010-02-01/a>	Rob VandenBrink	NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
SCANNING
2024-03-06/a>	Bojan Zdrnja	Scanning and abusing the QUIC protocol
2023-09-23/a>	Guy Bruneau	Scanning for Laravel - a PHP Framework for Web Artisants
2023-08-20/a>	Guy Bruneau	SystemBC Malware Activity
2022-08-26/a>	Guy Bruneau	HTTP/2 Packet Analysis with Wireshark
2022-07-23/a>	Guy Bruneau	Analysis of SSH Honeypot Data with PowerBI
2021-10-30/a>	Guy Bruneau	Remote Desktop Protocol (RDP) Discovery
2021-10-09/a>	Guy Bruneau	Scanning for Previous Oracle WebLogic Vulnerabilities
2021-08-13/a>	Guy Bruneau	Scanning for Microsoft Exchange eDiscovery
2021-07-10/a>	Guy Bruneau	Scanning for Microsoft Secure Socket Tunneling Protocol
2021-06-26/a>	Guy Bruneau	CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability
2021-06-12/a>	Guy Bruneau	Fortinet Targeted for Unpatched SSL VPN Discovery Activity
2021-05-08/a>	Guy Bruneau	Who is Probing the Internet for Research Purposes?
2021-04-24/a>	Guy Bruneau	Base64 Hashes Used in Web Scanning
2021-02-13/a>	Guy Bruneau	Using Logstash to Parse IPtables Firewall Logs
2020-12-05/a>	Guy Bruneau	Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz?
2020-12-04/a>	Guy Bruneau	Detecting Actors Activity with Threat Intel
2020-10-24/a>	Guy Bruneau	An Alternative to Shodan, Censys with User-Agent CensysInspect/1.1
2020-10-03/a>	Guy Bruneau	Scanning for SOHO Routers
2020-08-22/a>	Guy Bruneau	Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?
2020-08-08/a>	Guy Bruneau	Scanning Activity Include Netcat Listener
2020-07-19/a>	Guy Bruneau	Scanning Activity for ZeroShell Unauthenticated Access
2020-07-11/a>	Guy Bruneau	Scanning Home Internet Facing Devices to Exploit
2020-06-13/a>	Guy Bruneau	Mirai Botnet Activity
2020-05-16/a>	Guy Bruneau	Scanning for Outlook Web Access (OWA) & Microsoft Exchange Control Panel (ECP)
2020-04-07/a>	Johannes Ullrich	Increase in RDP Scanning
2020-03-21/a>	Guy Bruneau	Honeypot - Scanning and Targeting Devices & Services
2020-02-29/a>	Guy Bruneau	Hazelcast IMDG Discover Scan
2019-11-23/a>	Guy Bruneau	Local Malware Analysis with Malice
2019-11-03/a>	Didier Stevens	You Too? "Unusual Activity with Double Base64 Encoding"
2019-10-20/a>	Guy Bruneau	Scanning Activity for NVMS-9000 Digital Video Recorder
2019-09-07/a>	Guy Bruneau	Unidentified Scanning Activity
2018-12-23/a>	Guy Bruneau	Scanning Activity, end Goal is to add Hosts to Mirai Botnet
2017-11-13/a>	Guy Bruneau	jsonrpc Scanning for root account
2017-04-22/a>	Jim Clausing	WTF tcp port 81
2016-02-02/a>	Johannes Ullrich	Targeted IPv6 Scans Using pool.ntp.org .
2014-09-19/a>	Guy Bruneau	Web Scan looking for /info/whitelist.pac
2014-02-15/a>	Rob VandenBrink	More on HNAP - What is it, How to Use it, How to Find it
2014-02-13/a>	Johannes Ullrich	Linksys Worm ("TheMoon") Captured
2014-02-12/a>	Johannes Ullrich	Suspected Mass Exploit Against Linksys E1000 / E1200 Routers
2013-12-19/a>	Rob VandenBrink	Passive Scanning Two Ways - How-Tos for the Holidays
2013-12-09/a>	Rob VandenBrink	Scanning without Scanning
2013-10-17/a>	Adrien de Beaupre	Internet wide DNS scanning
2013-08-19/a>	Rob VandenBrink	ZMAP 1.02 released
2012-11-30/a>	Daniel Wesemann	Nmap 6.25 released - lots of new goodies, see http://nmap.org/changelog.html
2012-06-27/a>	Daniel Wesemann	What's up with port 79 ?
2011-07-17/a>	Mark Hofman	SSH Brute Force
2011-02-28/a>	Deborah Hale	Possible Botnet Scanning
2010-08-10/a>	Daniel Wesemann	SSH - new brute force tool?
2010-02-01/a>	Rob VandenBrink	NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?
2010-01-09/a>	G. N. White	What's Up With All The Port Scanning Using TCP/6000 As A Source Port?
2009-06-26/a>	Mark Hofman	PHPMYADMIN scans
2009-06-24/a>	Kyle Haugsness	TCP scanning increase for 4899
2009-02-01/a>	Chris Carboni	Scanning for Trixbox vulnerabilities

NMAP 520 UDP PROTOCOL SPECIFIC SCANNING

NMAP

520

UDP

PROTOCOL

SPECIFIC

SCANNING