- http://isc.sans.org/...date=2004-05-17
Updated May 18th 2004 03:45 UTC
"Two very different worms are currently responsible for the rapid increase in port 5000 scans. The first, 'Bobax', uses port 5000 to identify Windows XP systems. Windows XP uses port 5000 (TCP) for 'Universal Plug and Play (UPnP)'. By default, UPnP is enabled. The second worm, 'Kibuv', will use an old vulnerability in Windows XP's UPnP implementation to exploit systems. This vulnerability was one of the first discovered in Windows XP and patches have been available..."

>>> http://isc.sans.org/...s.php?port=5000
Edited by apluswebmaster, 19 May 2004 - 11:07 AM.