Another Call for Packets – Port 502

June 29, 2008 – 11:44 AM

Usually, I don’t have two calls for packets on a shift, but this one definately bears looking into and hopefully finding an answer. There is an increase on port 502, when you look at the targets, that started today. Till today, life has been pretty quiet on that port. Port 502 is a known port when dealing with SCADA systems. According to an article on SCADA Honeynets, “Modbus TCP on port 502 is a widely used, standard SCADA protocol in PLC’s and other field devices that monitor sensors and control instruments.”

If you have packets, logs or ideas on this increase, please send them into us.

SANS Internet Storm Center; Cooperative Network Security Community – Internet Security – isc

You must be logged in to post a comment.