Results 1 to 3 of 3

Thread: Rise in port 5000 probes are caused by 2 new worms

  1. #1
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands

    Rise in port 5000 probes are caused by 2 new worms

    Everybody is seeing a rise in port 5000 probes. These are not caused by the (very old) Sockets de Troie trojan.

    It's probably caused by 2 new worms; Bobax and Kibuv.

    Bobax uses a probe on port 5000 to identify windows XP and Kibuv tries to exploit the very first vulnerability found on XP (UPnP bug).


    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #2

    As well as a good firewall ruleset will help out.

  3. #3
    Join Date
    Aug 2001
    a long long time ago firewall logs actually ment something... now I just get 2000 connection attempts/hour on port x because there's yet another worm again

    todays top 5 (for me):
    1) 6112
    2) 5000
    3) 445 135 (shared)
    4) 9898
    5) 5554

    edit: so those are attempted incomming connections to those ports, all TCP
    Double Dutch

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts