Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Port 81 (tcp/udp) Attack Activity - SANS Internet Storm Center Port 81 (tcp/udp) Attack Activity

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
[get complete service list]
Port Information
Protocol Service Name
tcp hosts2-ns HOSTS2 Name Server
tcp RemoConChubo [trojan] RemoConChubo
udp hosts2-ns HOSTS2 Name Server
tcp docs-to-go Palm Documents to Go
Top IPs Scanning
TodayYesterday (1740) (3745) (1275) (2305) (1229) (2239) (1184) (2203) (785) (1635) (753) (1066) (610) (851) (562) (778) (503) (568) (426) (497)
Port diary mentions
WTF tcp port 81
DVRIP Port 34567 - Uptick
User Comments
Submitted By Date
Steve Arnold 2009-10-04 18:45:22
Reported today by Sophos as the port used by the e-mailed "carrier" (VBS script) of W32/Bagle-Q to download the virus.
TomazF 2009-10-04 18:45:22
new version (18.03.2004) of worm Beagle is working on port 81, opens PHP with ActiveX script ans install sm.exe -> \winnt\system32\directs.exe and infects then plenty of EXEs see virus email body: <html><body> <font face="System"> <OBJECT STYLE="display:none" DATA=""> </OBJECT></body></html> Rgrds, Tomaz
Diesel 2008-05-15 14:28:49
this port is used between http proxies
Just found 2008-04-29 18:22:33
igo-incognito user-authentication-for-watchguard-products IGo Incognito Data Port | | IGo Incognito Data Port
Joshua 2004-03-19 04:46:52
Secondary HTTP servers are often found on ports 81 through 83.
Tinga 2004-02-10 19:49:57
Port is also used for McAfee ePO console to server communications
Add a comment
CVE Links
CVE # Description