Security Incidents mailing list archives
port 523/TCP scans
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Fri, 17 Nov 2000 11:22:36 -0500
cwru.edu had a rash of some SGI's compromised, which i've been investigating. they're currently blocked, btw, at the firewall (the compromised machines we have identified) until they can be sanitized and hardened.

i've been seeing some sweeps the past week for 5232/TCP. i presume it is for marking SGI's on a unique port:

(from nmap output against an SGI)
    5232/tcp open sgi-dgl

heads up, all.

i'm working on an IRIX ipfilterd document to get admins up to speed on it. if you have an ipfilterd config you want to contribute, i would appreciate it. please send them to me privately, you will get credited, especially if you can help me improve the logging options!

thanks.

____________________________
jose nazario jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)