RE: TCP port 5000 syn increasing
From: Terence Runge (Terence.Runge_at_veritas.com)
Date: 05/17/04
- Previous message: Leonardo: "Re: TCP port 5000 syn increasing"
- Maybe in reply to: Rohny Jotton: "TCP port 5000 syn increasing"
- Next in thread: Jose Nazario: "RE: TCP port 5000 syn increasing"
- Reply: Jose Nazario: "RE: TCP port 5000 syn increasing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Leonardo <lmuroya@uol.com.br>, Rohny Jotton <rohnyjotton@hotmail.com>, incidents@securityfocus.com Date: Mon, 17 May 2004 14:11:47 -0700
http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=20301309H
igh
Port 5000 Traffic Indicates Kibuv.b Worm At Work
By TechWeb News
Symantec's DeepSight Threat network Monday detected a very high level of
unusual traffic on TCP port 5000 that indicates a worm's at work.
The latest alert, which notes "extremely heavy activity" on port 5000, is
"almost certainly a worm-related activity," said Alfred Huger, the vice
president of engineering for Symantec's virus watch group.
The suspected culprit is the Kibuv.b worm, which hit the Internet over the
weekend and exploits a vulnerability in Windows' Universal Plug and Play
(UPnP) service within Windows 98, Me, and XP. The UPnP vulnerability was
first disclosed and patched in late 2001.
-----Original Message-----
From: Leonardo [mailto:lmuroya@uol.com.br]
Sent: Monday, May 17, 2004 1:00 PM
To: Rohny Jotton; incidents@securityfocus.com
Subject: Re: TCP port 5000 syn increasing
http://isc.sans.org/port_details.php?port=5000
----- Original Message -----
From: "Rohny Jotton" <rohnyjotton@hotmail.com>
To: <incidents@securityfocus.com>
Sent: Sunday, May 16, 2004 9:49 PM
Subject: TCP port 5000 syn increasing
> I'm seeing a large amount of these attempts starting around 1:00 PM EST
> Sunday. They're getting blocked at the edge so I don't have any more info
> than that. I'm seeing about one a second from various hosts/networks.
>
> isc.sans.org shows that port related to various backdoors. Someone or
> something is getting busy.
>
> _________________________________________________________________
> MSN Toolbar provides one-click access to Hotmail from any Web page - FREE
> download! http://toolbar.msn.click-url.com/go/onm00200413ave/direct/01/
>
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
-- > --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
- Previous message: Leonardo: "Re: TCP port 5000 syn increasing"
- Maybe in reply to: Rohny Jotton: "TCP port 5000 syn increasing"
- Next in thread: Jose Nazario: "RE: TCP port 5000 syn increasing"
- Reply: Jose Nazario: "RE: TCP port 5000 syn increasing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
