Security Incidents mailing list archives
Re: ingreslock message
From: emaiwald () FRED NET (Eric Maiwald)
Date: Tue, 7 Mar 2000 15:13:30 -0500
On Sun, 5 Mar 2000, Dino Amato wrote:
I logged this: Mar 5 15:58:23 monitor tcplogd: ingreslock connection attempt from unknown () sleipnir1 cs ucl ac uk what does the ingreslock mean and what was this person trying to do? Thanks
The ingresslock port is 1524 (I think). It has been used recently as a backdoor by some intruders. They add a line to inetd.conf to accept connections on 1524. This person may have been looking for systems that have been broken. Eric --------------------------------------------------------------------- Eric Maiwald emaiwald () fred net So Many Hobbies, So little time ---------------------------------------------------------------------
Current thread:
- Re: @home: Is *anyone* really home there???, (continued)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Mar 02)
- Re: @home: Is *anyone* really home there??? William Annis (Mar 03)
- scans with spoofed address (was @home: Is *anyone*...) Russell Fulton (Mar 07)
- Re: @home: Is *anyone* really home there??? Ville (Mar 03)
- ingreslock message Dino Amato (Mar 05)
- Re: ingreslock message Graeme Fowler (Mar 07)
- Re: ingreslock message Dino Amato (Mar 07)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Mar 02)
- Re: ingreslock message Robert Graham (Mar 07)
- firewall abusing Przemyslaw Frasunek (Mar 07)
- Re: ingreslock message H D Moore (Mar 07)
- Re: ingreslock message Eric Maiwald (Mar 07)
- Re: auto-reporting to ISPs John Nemeth (Mar 07)
- UDP flood 28001-28003 George (Mar 07)
- Re: ingreslock message Jens Hektor (Mar 09)
- Re: ingreslock message Ex Machina [xm] (Mar 13)
- Re: ingreslock message Jens Hektor (Mar 13)