[70518] in North American Network Operators' Group
Re: Port 5000
daemon@ATHENA.MIT.EDU (Erik Haagsman)
Tue May 18 09:24:54 2004
From: Erik Haagsman <erik@we-dare.net>
Reply-To: erik@we-dare.net
To: "Geo." <geoincidents@nls.net>
Cc: nanog@merit.edu
In-Reply-To: <EKECJMGPAACGOMIGLJJDCEOGEEAA.geoincidents@nls.net>
Date: Tue, 18 May 2004 15:21:52 +0200
Errors-To: owner-nanog-outgoing@merit.edu
It is a worm:
http://www.internetwk.com/breakingNews/showArticle.jhtml?articleID=20301309
Erik
On Tue, 2004-05-18 at 15:15, Geo. wrote:
> We are seeing many customers here probing port 5000 across the network. It
> appears to be some new worm or something but I've had no luck yet in
> figuring out what it is except to say norton AV detects nothing yet.
>
> Anyone have a clue?
>
> http://isc.incidents.org/port_details.php?isc=b4827221b7f45feeb0c12bc5040cab
> c9&port=5000&repax=1&tarax=2&srcax=2&percent=N&days=10&Redraw=Submit+Query
>
> the jump in traffic is obvious.
>
> Geo.
--
---
Erik Haagsman
Network Architect
We Dare BV
tel: +31(0)10 7507008
fax:+31(0)10 7507005
http://www.we-dare.nl
