Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 2000 (tcp/udp) Attack Activity - Internet Security | DShield Port 2000 (tcp/udp) Attack Activity


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Loading...
Port Information
Protocol Service Name
tcp callbook callbook
tcp DerSpäher [trojan] Der Späher / Der Spaeher
tcp DerSpherDerSpaeher [trojan] Der Späher / Der Spaeher
tcp InsaneNetwork [trojan] Insane Network
tcp Last2000 [trojan] Last 2000
tcp RemoteExplorer2000 [trojan] Remote Explorer 2000
tcp SennaSpyTrojanGenerator [trojan] Senna Spy Trojan Generator
udp callbook callbook
[get complete service list]
Port diary mentions
URL
Port 2000 spike; New IIS PCT exploit?; Following the bouncing MS patches
User Comments
Submitted By Date
Comment
JB 2018-04-13 01:38:29
Port 2000 traffic increased & trended upward beginning in late March 2018 coinciding with a large group of Cisco problems see for example https://tools.cisco.com/security/center/viewBulletin.x?bId=834&year=2018 . It is reported on Shodan and in the community that port 2000 is used as an FTP server, in many of these same Cisco products, and others.
2015-11-08 03:30:42
Looks like YouDao or 163.com (which owns YouDao) uses port 2000 for an unknown piece of software
Crispin Harris 2010-10-27 18:37:05
According the Wikipedia, this was also used for Cisco Skinny (SCCP) VoIP services
2007-01-10 17:30:56
steckvaughn.harcourtachieve.com uses port 2000 for their GED server/workstation
SkitZZ 2004-11-09 18:02:45
don't know if your aware or not but a week or so ago there was a buffer-overflow vulnerability found in ShixxNOTE 6.net http://www.securityfocus.com/bid/11409/info/ which runs on port 2000.
George Ascione, LightHouse Hosting 2004-11-09 18:02:39
We recently evaluated a copy of RemotelyAnywhere. That software service listens on port 2000 by default. I don't know of anything in particular that may link the increase to this but RemotelyAnywhere when installed with the defaults will be out there listening on this port.
Gary Weichbrodt 2004-11-09 18:02:29
P2P Radio uses this port as well. http://p2p-radio.sourceforge.net/
Add a comment
CVE Links
CVE # Description