nanog mailing list archives
Re: Port 5000
From: James Reid <jreid () vapour net>
Date: Tue, 18 May 2004 10:16:33 -0400 (EDT)
Since it is completing a TCP handshake, the IP addresses are very likely to be the source of the scan. ISN generation on every modern OS is sufficiently random to prevent opportunistic TCP spoofing from something like a worm. While there are probably some exceptions to this statement, there are too few to be significant. On Tue, 18 May 2004, Doug White wrote: :Now that we know it's Bobax scanning http://isc.sans.org/diary.php do we :know if the source IP's are legit or spoofed? : :====================================== :Our Anti-spam solution works!! :http://www.clickdoug.com/mailfilter.cfm :For hosting solutions http://www.clickdoug.com :http://www.forta.com/cf/isp/isp.cfm?isp_id=1069 :====================================== : : :----- Original Message ----- :From: "Geo." <geoincidents () nls net> :To: <nanog () merit edu> :Sent: Tuesday, May 18, 2004 8:15 AM :Subject: Port 5000 : : :: :: We are seeing many customers here probing port 5000 across the network. It :: appears to be some new worm or something but I've had no luck yet in :: figuring out what it is except to say norton AV detects nothing yet. :: :: Anyone have a clue? :: :: http://isc.incidents.org/port_details.php?isc=b4827221b7f45feeb0c12bc5040cab :: c9&port=5000&repax=1&tarax=2&srcax=2&percent=N&days=10&Redraw=Submit+Query :: :: the jump in traffic is obvious. :: :: Geo. :: :: :: : -- James Reid, CISSP
Current thread:
- Re: Barracuda Networks Spam Firewall, (continued)
- Re: Barracuda Networks Spam Firewall Randy Bush (May 19)
- Re: Barracuda Networks Spam Firewall Eric A. Hall (May 19)
- Re: Barracuda Networks Spam Firewall Richard Cox (May 20)
- Re: Barracuda Networks Spam Firewall Martin Hepworth (May 18)
- Re: Barracuda Networks Spam Firewall Martin Hepworth (May 18)
- Re: Barracuda Networks Spam Firewall Matthew Crocker (May 18)
- Re: Barracuda Networks Spam Firewall Martin Hepworth (May 18)
- Port 5000 Geo. (May 18)
- Re: Port 5000 Erik Haagsman (May 18)
- Re: Port 5000 Doug White (May 18)
- Re: Port 5000 James Reid (May 18)
- Re: Barracuda Networks Spam Firewall Jared B. Reimer (May 17)
- Re: Barracuda Networks Spam Firewall Jared B. Reimer (May 17)
- Re: Barracuda Networks Spam Firewall jlewis (May 17)
- Re: Barracuda Networks Spam Firewall Majdi S. Abbas (May 18)
- Re: Barracuda Networks Spam Firewall Valdis . Kletnieks (May 18)
- Re: Barracuda Networks Spam Firewall Christopher X. Candreva (May 18)
- Re: Barracuda Networks Spam Firewall Valdis . Kletnieks (May 18)
- Re: Barracuda Networks Spam Firewall Todd Vierling (May 18)