Security Incidents mailing list archives
Re: increase of scans against port 1524
From: Michael Katz <mike () procinct com>
Date: Wed, 05 Jun 2002 09:36:17 -0700
At 6/5/2002 04:17 AM, High Speed wrote:
last 2 days I noticed an increased scan against port 1524 ingreslock 1524/tcp ingres ingreslock 1524/udp ingres Are there known issues with this port ? Recently found vulnerabilities ?
Looks like you may have someone scanning for a compromised machine. Back in 1999, CERT issued an advisory about RPC services being exploited and a root shell being left on port 1524.
See http://www.cert.org/incident_notes/IN-99-04.html and http://rr.sans.org/malicious/cmsd.htm.
Also, eEye released an advisory on April 10, 2001 containing a proof of concept exploit for a buffer overflow in xSun. See http://www.eeye.com/html/Research/Advisories/AD20010410.html.
Michael Katz mike () procinct com Procinct Security ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- increase of scans against port 1524 High Speed (Jun 05)
- Re: increase of scans against port 1524 Joe Matusiewicz (Jun 05)
- Re: increase of scans against port 1524 GrdnWsl (Jun 05)
- Re: increase of scans against port 1524 Drew Schaffner (Jun 05)
- Re: increase of scans against port 1524 Michael Katz (Jun 05)
- RE: increase of scans against port 1524 Antonio Montes (Jun 05)
- Re: increase of scans against port 1524 gminick (Jun 05)
- Re: increase of scans against port 1524 gminick (Jun 05)
- Re: increase of scans against port 1524 Lance Spitzner (Jun 05)
- <Possible follow-ups>
- RE: increase of scans against port 1524 Foster, Belinda (Jun 05)
- Re: increase of scans against port 1524 Steven M. Christey (Jun 07)