Security Incidents mailing list archives

Re: TCP port 5000 syn increasing

From: Valdis.Kletnieks () vt edu
Date: Fri, 21 May 2004 13:54:10 -0400

On Fri, 21 May 2004 13:27:22 +0200, Meidinger Chris <chris.meidinger () badenit de>  said:

but a bot that 'quietly' - meaning somehow less than randomly - infects
boxes in corporate networks, and then goes out over port 80 with legitimate
looking http traffic would be pretty evil. more likely, however, to be of
use to advanced blackhats that to sKiddie's and their ilk.


Eventually, it all falls in to skript kiddie hands sooner or later.  The major
difference is that you usually are able to notice that the ankle-biters are
busy trying to pull their teeth out of your hiking boots....

Attachment: _bin
Description:

Current thread:

Re: TCP port 5000 syn increasing, (continued)
- - - Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 19)
    - Re: TCP port 5000 syn increasing Harlan Carvey (May 19)
    - RE: TCP port 5000 syn increasing Nick FitzGerald (May 19)
    - RE: TCP port 5000 syn increasing Nick FitzGerald (May 19)
    - RE: TCP port 5000 syn increasing Paul Schmehl (May 19)
- RE: TCP port 5000 syn increasing Steven Trewick (May 18)
  - RE: [Securityfocus-incidents] RE: TCP port 5000 syn increasing Remko Lodder (May 18)
- RE: TCP port 5000 syn increasing Steven Trewick (May 19)
  - Re: TCP port 5000 syn increasing Bob (May 20)
- RE: TCP port 5000 syn increasing Meidinger Chris (May 21)
  - Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 21)
- Re: TCP port 5000 syn increasing Bob (May 25)