Security Incidents: RE: TCP port 5000 syn increasing

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

RE: TCP port 5000 syn increasing

From: Frank Knobbe <frank () knobbe us>
Date: Tue, 18 May 2004 13:45:50 -0500

On Tue, 2004-05-18 at 10:18, Paul Schmehl wrote:

Of course with the cut and paste worms that are coming out these days,
who 
can say what it really might be?


That begs the question if it isn't becoming useless nowadays to count
port scans. Perhaps we should focus instead on catching the worms and
provide payload, or payload hashes. Otherwise, how would you pick up the
new strain of SQL slammer amongst all the existing SQL port scans?

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

By Date By Thread

Current thread:

Re: TCP port 5000 syn increasing, (continued)
- Re: TCP port 5000 syn increasing Leonardo (May 17)
- RE: TCP port 5000 syn increasing Terence Runge (May 17)
  - RE: TCP port 5000 syn increasing Jose Nazario (May 18)
    - RE: TCP port 5000 syn increasing Paul Schmehl (May 18)
    - RE: TCP port 5000 syn increasing Frank Knobbe (May 18)
    - Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 18)
    - Re: TCP port 5000 syn increasing Andreas (May 19)
    - Re: TCP port 5000 syn increasing Harlan Carvey (May 19)
    - Re: TCP port 5000 syn increasing Valdis . Kletnieks (May 19)
    - Re: TCP port 5000 syn increasing Harlan Carvey (May 19)