Security Incidents mailing list archives

port 523/TCP scans


From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Fri, 17 Nov 2000 11:22:36 -0500

cwru.edu had a rash of some SGI's compromised, which i've been
investigating. they're currently blocked, btw, at the firewall (the
compromised machines we have identified) until they can be sanitized and
hardened.

i've been seeing some sweeps the past week for 5232/TCP. i presume it is
for marking SGI's on a unique port:

(from nmap output against an SGI)

5232/tcp   open        sgi-dgl

heads up, all. i'm working on an IRIX ipfilterd document to get admins up
to speed on it. if you have an ipfilterd config you want to contribute, i
would appreciate it. please send them to me privately, you will get
credited, especially if you can help me improve the logging options!

thanks.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

