Signals

DNS IPv6 SIP SMTP SSH Telnet VNC

All Signals updated hourly unless otherwise noted.
Signal	Description	Statistics
DNS recursion desired	IP addresses identified as sending recursive DNS queries.	statistics
DNS recursion desired IN ANY	IP addresses identified as sending recursive DNS IN ANY queries.	statistics
DNS TCP	IP addresses identified as sending DNS over TCP port 53 queries.	statistics
DNS Type Name	Unsolicited DNS IN class queries observed including the Type and Name from the queries (in ascending alphabetical order).	statistics
DNS CH TXT version.bind	IP addresses identified as sending DNS CH TXT VERSION.BIND queries.	statistics

All Signals updated hourly unless otherwise noted.
Signal	Description	Statistics
IP protocol 41	IP addresses identified as open IPv4 protocol 41 relay (i.e. IPv6 over IPv4).	statistics

All Signals updated hourly unless otherwise noted.
Signal	Description	Statistics
SIP invitation	IP addresses identified as sending SIP INVITE operations.	statistics
SIP query	IP addresses identified as sending SIP OPTIONS queries.	statistics
SIP registration	IP addresses identified as sending SIP REGISTER operations.	statistics

All Signals updated hourly unless otherwise noted.
Signal	Description	Statistics
SMTP data	IP addresses identified as SMTP clients issuing DATA commands.	statistics
SMTP greeting	IP addresses identified as SMTP clients issuing unsolicited HELO or EHLO commands.	statistics

All Signals updated hourly unless otherwise noted.
Signal	Description	Statistics
SSH client connection	IP addresses identified as performing SSH client protocol negotiations.	statistics
SSH id/password pairs	SSH id/password credentials observed in password authentication attempts. Updated daily.	statistics
SSH password authentication	IP addresses identified as attempting login via SSH password authentication. Read more here	statistics

All Signals updated hourly unless otherwise noted.
Signal	Description	Statistics
TELNET login	IP addresses identified as attempting login via TELNET password authentication.	statistics

All Signals updated hourly unless otherwise noted.
Signal	Description	Statistics
VNC RFB	IP addresses identified as initiating VNC remote frame buffer sessions. Read more here.	statistics