Security Incidents mailing list archives
Re: Scan of on port 5232
From: Jens Hektor <hektor () RZ RWTH-AACHEN DE>
Date: Sat, 2 Sep 2000 06:26:14 -0000
Hello,
We were on the receiving end of a scan on port 5232 the other night. I
now we had also a scan on port 5232 (SGI Distributed Graphics). Two machines were cracked, a trojan ssh listening on port 13000 was installed. A bit unclear is which service was used to breakin. The recent telnetd feature is unlikely in the one case I have studied because this machine had wrappers installed and the logs indicate refused connects. The attacker re-configured this machine not to offer objectserver, autofs and pcnfsd so it most likely that one of these was used. Bye, Jens Hektor
Current thread:
- Re: Scan of on port 5232 Jens Hektor (Sep 02)
- Re: Scan of on port 5232 Dino Amato (Sep 03)