Signals
| Signal | Description | Statistics |
|---|---|---|
| DNS recursion desired | IP addresses identified as sending recursive DNS queries. | statistics |
| DNS recursion desired IN ANY | IP addresses identified as sending recursive DNS IN ANY queries. | statistics |
| DNS TCP | IP addresses identified as sending DNS over TCP port 53 queries. | statistics |
| DNS Type Name | Unsolicited DNS IN class queries observed including the Type and Name from the queries (in ascending alphabetical order). | statistics |
| DNS CH TXT version.bind | IP addresses identified as sending DNS CH TXT VERSION.BIND queries. | statistics |
| Signal | Description | Statistics |
|---|---|---|
| IP protocol 41 | IP addresses identified as open IPv4 protocol 41 relay (i.e. IPv6 over IPv4). | statistics |
| Signal | Description | Statistics |
|---|---|---|
| NTP Mode 3 | IP addresses identified as initiating NTP Mode 3; Client Mode which is requesting time synchronization from an NTP server. | statistics |
| NTP Mode 6 | IP addresses identified as initiating NTP Mode 6; Control Query which is used to remotely monitor and reconfigure ntpd instances. | statistics |
| NTP Mode 7 | IP addresses identified as initiating NTP Mode 7; Private Mode which is a legacy unauthenticated query system often used in monlist reflection attacks. | statistics |
| Signal | Description | Statistics |
|---|---|---|
| SIP invitation | IP addresses identified as sending SIP INVITE operations. | statistics |
| SIP query | IP addresses identified as sending SIP OPTIONS queries. | statistics |
| SIP registration | IP addresses identified as sending SIP REGISTER operations. | statistics |
| Signal | Description | Statistics |
|---|---|---|
| SMTP data | IP addresses identified as SMTP clients issuing DATA commands. | statistics |
| SMTP greeting | IP addresses identified as SMTP clients issuing unsolicited HELO or EHLO commands. | statistics |
| Signal | Description | Statistics |
|---|---|---|
| SSH client connection | IP addresses identified as performing SSH client protocol negotiations. | statistics |
| SSH id/password pairs | SSH id/password credentials observed in password authentication attempts. Updated daily. | statistics |
| SSH password authentication | IP addresses identified as attempting login via SSH password authentication. Read more here | statistics |
| Signal | Description | Statistics |
|---|---|---|
| TELNET login | IP addresses identified as attempting login via TELNET password authentication. | statistics |
| Signal | Description | Statistics |
|---|---|---|
| VNC RFB | IP addresses identified as initiating VNC remote frame buffer sessions. Read more here. | statistics |