Jump to content


Photo

Port 5000 activity spikes = 2 worms...

Started by AplusWebMaster , May 17 2004 11:34 PM

  • Please log in to reply
1 reply to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 17 May 2004 - 11:34 PM

FYI...from the Internet Storm Center:

- http://isc.sans.org/...date=2004-05-17
Updated May 18th 2004 03:45 UTC
"Two very different worms are currently responsible for the rapid increase in port 5000 scans. The first, 'Bobax', uses port 5000 to identify Windows XP systems. Windows XP uses port 5000 (TCP) for 'Universal Plug and Play (UPnP)'. By default, UPnP is enabled. The second worm, 'Kibuv', will use an old vulnerability in Windows XP's UPnP implementation to exploit systems. This vulnerability was one of the first discovered in Windows XP and patches have been available..."
:(
>>> http://isc.sans.org/...s.php?port=5000

Edited by apluswebmaster, 19 May 2004 - 11:07 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#2 wawadave

wawadave

    Advanced Member

  • Full Member
  • PipPipPip
  • 126 posts

Posted 19 May 2004 - 03:13 PM

hello
you might want to d/l the program from grc for closeing upnp
http://www.grc.com/unpnp/unpnp.htm
this will help fix the problem.
<b>MYTH!!!!
Putting quotes around posts does not protect you from copy right infringement.</b>
<img src="http://img54.photobu...r_wawadave.gif" border="0" alt="IPB Image" />
Back to Security Warnings


  1. SpywareInfo Forum
  2. General Computing Issues
  3. Security Warnings
  4. Privacy Policy
Member of UNITE
Support SpywareInfo Forum - click the button