TCP Port 5000
Windows Universal plug and play service (UPNP).
There are a couple of exploits which target the plug and play service, but
lately the most common use is to identify XP systems for attack via other
exploits (ie the Bobax worm for example).
Outbound scans if occurring in volume should be considered an indication of a
possible infection or compromise on the source computer and should be
TCP Port 5000 Buffer Overflow Attack
Page last updated on
August 10, 2004