Security Incidents mailing list archives

RE: TCP port 5000 syn increasing


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 19 May 2004 10:30:45 +1200

Frank Knobbe <frank () knobbe us> wrote:

That begs the question if it isn't becoming useless nowadays to count
port scans. Perhaps we should focus instead on catching the worms and
provide payload, or payload hashes. Otherwise, how would you pick up the
new strain of SQL slammer amongst all the existing SQL port scans?

Well, some of us not only are doing this, but have been for several 
years (at least for a select group of likely ports).

I know of several "home brew" projects in the anti-malware community 
that more or less do what you propose, and at least one of them is 
publicly available and looking for more dedicated nodes.  If you're up 
for running a well-configured Windows box with open Internet access, 
have a look at WormRadar:

   http://www.wormradar.com/

This is an offshoot of an earlier, similar effort which, among other 
things, was the first to detect several variants of CodeRed.  I'm not 
directly related to this project, but was one of the very early users 
of WormRadar's forbear, WormCatcher.  WormRadar is a private project of 
Roger Thompson, one of the very early AV industry folk (he developed at 
least two detection engines for two different product lines), more 
recently Director of Malware Research at ICSA and now VP of Product 
Development at PestPatrol.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

