North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Port 5000
- From: James Reid
- Date: Tue May 18 10:41:12 2004
Since it is completing a TCP handshake, the IP addresses are
very likely to be the source of the scan. ISN generation on
every modern OS is sufficiently random to prevent opportunistic
TCP spoofing from something like a worm.
While there are probably some exceptions to this statement,
there are too few to be significant.
On Tue, 18 May 2004, Doug White wrote:
:Now that we know it's Bobax scanning http://isc.sans.org/diary.php do we
:know if the source IP's are legit or spoofed?
:Our Anti-spam solution works!!
:For hosting solutions http://www.clickdoug.com
:----- Original Message -----
:From: "Geo." <email@example.com>
:Sent: Tuesday, May 18, 2004 8:15 AM
:Subject: Port 5000
:: We are seeing many customers here probing port 5000 across the network. It
:: appears to be some new worm or something but I've had no luck yet in
:: figuring out what it is except to say norton AV detects nothing yet.
:: Anyone have a clue?
:: the jump in traffic is obvious.
James Reid, CISSP