Does anyone know what's causing the port 5000 scans yet?
http://isc.incidents.org/port_details.php?isc=b4827221b7f45feeb0c12bc5040cab
c9&port=5000&repax=1&tarax=2&srcax=2&percent=N&days=10&Redraw=Submit+Query
Geo.
_______________________________________________ Full-Disclosure - We
believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Subject: RE: TCP port 5000 syn increasing Date: Mon, 17 May 2004 14:11:47 -0700 From: Terence Runge <Terence.Runge@xxxxxxxxxxx> To: Leonardo <lmuroya@xxxxxxxxxx>, Rohny Jotton <rohnyjotton@xxxxxxxxxxx>,incidents@xxxxxxxxxxxxxxxxxhttp://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=20301309High
Port 5000 Traffic Indicates Kibuv.b Worm At Work
By TechWeb News
Symantec's DeepSight Threat network Monday detected a very high level of unusual traffic on TCP port 5000 that indicates a worm's at work.
The latest alert, which notes "extremely heavy activity" on port 5000, is "almost certainly a worm-related activity," said Alfred Huger, the vice president of engineering for Symantec's virus watch group.
The suspected culprit is the Kibuv.b worm, which hit the Internet over the weekend and exploits a vulnerability in Windows' Universal Plug and Play (UPnP) service within Windows 98, Me, and XP. The UPnP
vulnerability was first disclosed and patched in late 2001.
J. Theriault administrator@xxxxxxxxxxxxxxxx
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html