|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: TCP port 5000 syn increasing
From: Frank Knobbe (frank
knobbe.us)
Date: Tue May 18 2004 - 13:45:50 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 2004-05-18 at 10:18, Paul Schmehl wrote:
> Of course with the cut and paste worms that are coming out these days,
> who
> can say what it really might be?
That begs the question if it isn't becoming useless nowadays to count
port scans. Perhaps we should focus instead on catching the worms and
provide payload, or payload hashes. Otherwise, how would you pick up the
new strain of SQL slammer amongst all the existing SQL port scans?
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQBAqlndJjGc5ftAw8wRArCTAKCwBAwq7uvR3fjdyjK1wqK7HDLjUwCgqbqF
MuckengIT4A4jN1aXIb2Y2Q=
=9duH
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]