| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: administrator at maginetworks.com (J. Theriault) Subject: Port 5000 Geo. wrote: > Does anyone know what's causing the port 5000 scans yet? > > http://isc.incidents.org/port_details.php?isc=b4827221b7f45feeb0c12bc5040cab > > > > > > c9&port=5000&repax=1&tarax=2&srcax=2&percent=N&days=10&Redraw=Submit+Query > > > > > > > > Geo. > > _______________________________________________ Full-Disclosure - We > believe in it. Charter: > http://lists.netsys.com/full-disclosure-charter.html Hello Geo, This seems to be it: -------- Original Message -------- > Subject: RE: TCP port 5000 syn increasing Date: Mon, 17 May 2004 > 14:11:47 -0700 From: Terence Runge <Terence.Runge@...itas.com> To: > Leonardo <lmuroya@....com.br>, Rohny Jotton > <rohnyjotton@...mail.com>,incidents@...urityfocus.com > http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=20301309High > > Port 5000 Traffic Indicates Kibuv.b Worm At Work > > By TechWeb News > > Symantec's DeepSight Threat network Monday detected a very high level > of unusual traffic on TCP port 5000 that indicates a worm's at work. > > > > The latest alert, which notes "extremely heavy activity" on port > 5000, is "almost certainly a worm-related activity," said Alfred > Huger, the vice president of engineering for Symantec's virus watch > group. > > The suspected culprit is the Kibuv.b worm, which hit the Internet > over the weekend and exploits a vulnerability in Windows' Universal > Plug and Play (UPnP) service within Windows 98, Me, and XP. The UPnP > vulnerability was first disclosed and patched in late 2001. Cheers, J. Theriault administrator@...inetworks.com
Powered by blists - more mailing lists