Thinking...
[get complete service list]
Port Information
Protocol Service Name
tcp ssh alternative ssh (Cowrie)
tcp AMD [trojan] Rootshell left by AMD exploit
tcp rockwell-csp2 Rockwell CSP2
udp rockwell-csp2 Rockwell CSP2
UDP [ICS] Ethernet/IP [ICS] Ethernet/IP
tcp EtherNet-IP-1 "EtherNet/IP I/O IANA assigned this well-formed service name as a replacement for ""EtherNet/IP-1""."
tcp EtherNet/IP-1 EtherNet/IP I/O
udp EtherNet-IP-1 "EtherNet/IP I/O IANA assigned this well-formed service name as a replacement for ""EtherNet/IP-1""."
udp EtherNet/IP-1 EtherNet/IP I/O
Top IPs Scanning
Today Yesterday
128.199.18.249 (13749)128.199.18.249 (28228)
45.135.232.24 (6173)139.199.80.137 (14880)
93.152.230.175 (3987)45.135.232.24 (11494)
148.72.158.192 (3556)196.251.71.217 (8985)
139.199.80.137 (3176)45.134.26.79 (7987)
45.134.26.79 (1966)45.135.232.177 (7863)
45.135.232.177 (1904)148.72.158.192 (7007)
31.145.191.148 (1733)45.140.17.124 (6961)
45.140.17.124 (1717)93.152.230.175 (6028)
45.135.232.92 (1203)46.38.149.130 (5260)
Port diary mentions
URL
2222tcp Probe Increase
User Comments
Submitted By Date
Comment
Johannes Ullrich 2020-09-16 13:54:15
Port 2222/udp is used by the Ethernet Industrial Protocol (Ethernet IP) which is used by industrial control systems (ICS)
Johannes Ullrich 2020-09-13 14:35:33
Schneider Modicum Quantum uses port 4418/TCP in addition to 502/TCP (MODBUS) and 2222/UDP (Ethernet Industrial Protocol). CVEs: CVE-2019-6815, CVE-2019-6816
2004-09-09 06:58:57
Microsoft Office under Apple Macintosh OS-X broadcasts (255.255.255.255) UDP to port 2222, supposedly to check if anyone else is using the same version? s/n? of Office.
2004-07-01 16:26:45
Looks like Macs use this port for networking.
CVE Links
CVE # Description
CVE-2007-0655 The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
CVE-2018-18388