Security Incidents mailing list archives
Re: ingreslock message
From: slayer67 () APK NET (Dino Amato)
Date: Tue, 7 Mar 2000 12:42:01 -0500
THanks for all who responded to my question. I check the box and there was no break-in or comprimise, like a few others said - someone was looking around for a hole. My ined.conf file has been totally remarked out since day also and nothing in tmp. Thakns for telling me about this particular attack. Dino Amato On Tue, 7 Mar 2000, Graeme Fowler wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dino On 06-Mar-2000 Dino Amato wrote:I logged this: Mar 5 15:58:23 monitor tcplogd: ingreslock connection attempt from unknown () sleipnir1 cs ucl ac uk what does the ingreslock mean and what was this person trying to do?Firstly: the ingreslock port was well-used by the shell installed by a number of RPC compromises on Solaris (amongst others); as I know only too well :( I guess the culprit was scanning for previously compromised machines. Secondly: if you have seen this on other machines, or more frequently than the single line above, please report it to: cert () cert ja net They'll deal with it as it's source was a UK university. - -- Graeme Fowler Network Officer, Infrastructure & Networks Group Loughborough University Computing Services PGP Public Key: http://xenomorph.lboro.ac.uk/ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQA/AwUBOMUO4ukW/hjR2nSsEQKFmwCaAl47OPjInQbAs0+5sJa4cYo6k+wAoP2J lHFFPw0TToSC2CgekyhYVZNt =8JCg -----END PGP SIGNATURE-----
Current thread:
- Re: @home: Is *anyone* really home there???, (continued)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 29)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 29)
- Re: @home: Is *anyone* really home there??? Rob Quinn (Mar 01)
- Re: @home: Is *anyone* really home there??? Jon Burdge (Mar 02)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Mar 02)
- Re: @home: Is *anyone* really home there??? William Annis (Mar 03)
- scans with spoofed address (was @home: Is *anyone*...) Russell Fulton (Mar 07)
- Re: @home: Is *anyone* really home there??? Ville (Mar 03)
- ingreslock message Dino Amato (Mar 05)
- Re: ingreslock message Graeme Fowler (Mar 07)
- Re: ingreslock message Dino Amato (Mar 07)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Mar 02)
- Re: ingreslock message Robert Graham (Mar 07)
- firewall abusing Przemyslaw Frasunek (Mar 07)
- Re: ingreslock message H D Moore (Mar 07)
- Re: ingreslock message Eric Maiwald (Mar 07)
- Re: auto-reporting to ISPs John Nemeth (Mar 07)
- UDP flood 28001-28003 George (Mar 07)
- Re: ingreslock message Jens Hektor (Mar 09)
- Re: ingreslock message Ex Machina [xm] (Mar 13)
- Re: ingreslock message Jens Hektor (Mar 13)