RE: TCP port 5000 syn increasing
From: Paul Schmehl (pauls utdallas.edu)
Date: Tue May 18 2004 - 10:18:58 CDT
--On Monday, May 17, 2004 10:43:52 PM -0400 Jose Nazario <jose monkey.org> wrote:
> using the Internet Motion Sensor project hosted by umich, we've been
> monitoring global network spaces and looking at the same rise in TCP port
> 5000 traffic. however, the data doesn't support the theory of kibuv.b
> entirely.
>
I'd be inclined to agree with you, Jose. I suspect this is something new
that's been "distributed" through a bot network of already compromised
machines (Agobot/Gaobot). I'm seeing *some* correlation between hosts
"poking" me on 3217 and 6129 (Agobot for sure) and 5000, but not on the
other ports.
Of course with the cut and paste worms that are coming out these days, who
can say what it really might be?
Paul Schmehl (pauls utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/