NEWS FROM THE LAB - Monday, May 17, 2004

Port 5000/TCP traffic peaking

Posted by Mikko @ 20:09 GMT

Port 5000 traffic has risen considerably over the past 24 hours. This port is used by the Universal Plug and Play (UPnP) service of Windows 98, Windows Me and Windows XP.

We're not sure if all of this traffic can be attributed to a new worm known as Kibuv or StdBot, but this new worm does scan for several known vulnerabilities, including the UPnP hole and the Sasser FTP server hole.

The traffic increase is pretty obvious in this graph from http://www.incidents.org:

Copyright (c) Incidents.org