|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: TCP port 5000 syn increasing
From: ANDREW STREULE (brother_wolf
btopenworld.com)
Date: Mon May 17 2004 - 14:24:44 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
on my honeypot a port 5000 event is almost always
followed by 1 or 2 nbt smb events.
the smb is like
SMB:1 [neg protocol]
Protocols:
PC NETWORK PROGRAM 1.0
LANMAN1.0
Windows for Workgroups 3.1a
LM1.2X002
LANMAN2.1
NT LM 0.12
SMB:2 [session setup X]
SMB:4 [tree con X]
{\\81.x.x.x\ipc$[00]?????}
SMB:5 [nt createX]
Flags:16 Access:2019F Createop:40 Imp:2
{\lsarpc[00]}
SMB:6 [trans]
name: {[10]\PIPE\[00 00]}
all my p5000 events are from 81.x.x.x
~Andy
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]