|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: TCP port 5000 syn increasing
Valdis.Kletnieks
vt.edu
Date: Tue May 18 2004 - 16:30:43 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 18 May 2004 13:45:50 CDT, Frank Knobbe said:
> That begs the question if it isn't becoming useless nowadays to count
> port scans. Perhaps we should focus instead on catching the worms and
> provide payload, or payload hashes. Otherwise, how would you pick up the
> new strain of SQL slammer amongst all the existing SQL port scans?
I'm waiting for the first worm that tunnels over HTTP port 80, as a number
of protocols already do, to get around firewalls that only pass 25 and 80. ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFAqoCDcC3lWbTT17ARAmHQAKDm4VlPiw64BEFA8mfBvzcA8YpFgACg3ZtF
NPEfKu0oAIyl68yLO3a9394=
=gFSG
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]