Signals

All Signals Updated Hourly unless otherwise noted
Signal Description
DNS recursion desired IP Addresses identified as sending recursive DNS queries.
DNS recursion desired IN ANY IP Addresses identified as sending recursive DNS IN ANY queries.
DNS CH TXT version.bind IP Addresses identified as sending DNS CH TXT VERSION.BIND queries.
IP protocol 41 IP Addresses identified as open IPv4 protocol 41 relay (i.e. IPv6 over IPv4).
SIP invitation IP Addresses identified as sending SIP INVITE operations.
SIP query IP Addresses identified as sending SIP OPTIONS queries.
SIP registration IP Addresses identified as sending SIP REGISTER operations.
SMTP data IP Addresses identified as sending SMTP clients sending DATA commands.
SMTP greeting IP Addresses identified as SMTP clients issuing unsolicited HELO or EHLO commands.
SSH client connection IP Addresses identified as performing SSH client protocol negotiations.
SSH id/password pairs SSH id/password credentials observed in password authentication attempts. Updated daily.
SSH password authentication IP Addresses identified as attempting login via SSH password authentication.
TELNET login IP Addresses identified as attempting login via TELNET password authentication.
VNC RFB IP Addresses identified as initiating VNC remote frame buffer sessions. Read more here.