Security Incidents mailing list archives
Re: TCP port 5000 syn increasing
From: Valdis.Kletnieks () vt edu
Date: Tue, 18 May 2004 17:30:43 -0400
On Tue, 18 May 2004 13:45:50 CDT, Frank Knobbe said:
That begs the question if it isn't becoming useless nowadays to count port scans. Perhaps we should focus instead on catching the worms and provide payload, or payload hashes. Otherwise, how would you pick up the new strain of SQL slammer amongst all the existing SQL port scans?
I'm waiting for the first worm that tunnels over HTTP port 80, as a number of protocols already do, to get around firewalls that only pass 25 and 80. ;)
Attachment:
_bin
Description:
Current thread:
- Re: TCP port 5000 syn increasing, (continued)
- Re: TCP port 5000 syn increasing Andreas (May 17)
- Re: TCP port 5000 syn increasing ANDREW STREULE (May 17)
- Re: TCP port 5000 syn increasing Paul Schmehl (May 17)
- Re: TCP port 5000 syn increasing Noel Cuillandre (May 17)
- Re: TCP port 5000 syn increasing Mike Barushok (May 18)
- Re: TCP port 5000 syn increasing ANDREW STREULE (May 17)
- Re: TCP port 5000 syn increasing Andreas (May 17)
- RE: TCP port 5000 syn increasing Jose Nazario (May 18)
- RE: TCP port 5000 syn increasing Paul Schmehl (May 18)
- RE: TCP port 5000 syn increasing Frank Knobbe (May 18)
- Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 18)
- Re: TCP port 5000 syn increasing Andreas (May 19)
- Re: TCP port 5000 syn increasing Harlan Carvey (May 19)
- Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 19)
- Re: TCP port 5000 syn increasing Harlan Carvey (May 19)
- RE: [Securityfocus-incidents] RE: TCP port 5000 syn increasing Remko Lodder (May 18)