Security Incidents mailing list archives
RE: TCP port 5000 syn increasing
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 18 May 2004 10:18:58 -0500
--On Monday, May 17, 2004 10:43:52 PM -0400 Jose Nazario <jose () monkey org> wrote:
I'd be inclined to agree with you, Jose. I suspect this is something new that's been "distributed" through a bot network of already compromised machines (Agobot/Gaobot). I'm seeing *some* correlation between hosts "poking" me on 3217 and 6129 (Agobot for sure) and 5000, but not on the other ports.using the Internet Motion Sensor project hosted by umich, we've been monitoring global network spaces and looking at the same rise in TCP port 5000 traffic. however, the data doesn't support the theory of kibuv.b entirely.
Of course with the cut and paste worms that are coming out these days, who can say what it really might be?
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ --------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_incidents_040517 ----------------------------------------------------------------------------
Current thread:
- TCP port 5000 syn increasing Rohny Jotton (May 17)
- Re: TCP port 5000 syn increasing Andreas (May 17)
- Re: TCP port 5000 syn increasing ANDREW STREULE (May 17)
- Re: TCP port 5000 syn increasing Paul Schmehl (May 17)
- Re: TCP port 5000 syn increasing Noel Cuillandre (May 17)
- Re: TCP port 5000 syn increasing Mike Barushok (May 18)
- Re: TCP port 5000 syn increasing ANDREW STREULE (May 17)
- Re: TCP port 5000 syn increasing Andreas (May 17)
- <Possible follow-ups>
- RE: TCP port 5000 syn increasing Terence Runge (May 17)
- RE: TCP port 5000 syn increasing Jose Nazario (May 18)
- RE: TCP port 5000 syn increasing Paul Schmehl (May 18)
- RE: TCP port 5000 syn increasing Frank Knobbe (May 18)
- Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 18)
- Re: TCP port 5000 syn increasing Andreas (May 19)
- Re: TCP port 5000 syn increasing Harlan Carvey (May 19)
- Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 19)
- Re: TCP port 5000 syn increasing Harlan Carvey (May 19)
- RE: TCP port 5000 syn increasing Jose Nazario (May 18)
- RE: TCP port 5000 syn increasing Nick FitzGerald (May 19)
- RE: TCP port 5000 syn increasing Nick FitzGerald (May 19)
- RE: TCP port 5000 syn increasing Paul Schmehl (May 19)