Security Incidents mailing list archives

Re: ingreslock message

From: G.E.Fowler () LBORO AC UK (Graeme Fowler)
Date: Tue, 7 Mar 2000 14:14:58 -0000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dino

On 06-Mar-2000 Dino Amato wrote:

I logged this:
Mar  5 15:58:23 monitor tcplogd: ingreslock connection attempt from
unknown () sleipnir1 cs ucl ac uk
what does the ingreslock mean and what was this person trying to do?


Firstly: the ingreslock port was well-used by the shell installed by a
number of RPC compromises on Solaris (amongst others); as I know only
too well :(
I guess the culprit was scanning for previously compromised machines.

Secondly: if you have seen this on other machines, or more frequently
than the single line above, please report it to:

cert () cert ja net

They'll deal with it as it's source was a UK university.

- --
Graeme Fowler
Network Officer, Infrastructure & Networks Group
Loughborough University Computing Services
PGP Public Key: http://xenomorph.lboro.ac.uk/

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBOMUO4ukW/hjR2nSsEQKFmwCaAl47OPjInQbAs0+5sJa4cYo6k+wAoP2J
lHFFPw0TToSC2CgekyhYVZNt
=8JCg
-----END PGP SIGNATURE-----

Current thread:

Re: @home: Is *anyone* really home there???, (continued)
- Re: @home: Is *anyone* really home there??? Erick Brockway (Feb 29)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 29)
- Re: @home: Is *anyone* really home there??? Greg A. Woods (Feb 29)
- Re: @home: Is *anyone* really home there??? Rob Quinn (Mar 01)
- Re: @home: Is *anyone* really home there??? Jon Burdge (Mar 02)
  - Re: @home: Is *anyone* really home there??? Greg A. Woods (Mar 02)
    - Re: @home: Is *anyone* really home there??? William Annis (Mar 03)
    - scans with spoofed address (was @home: Is *anyone*...) Russell Fulton (Mar 07)
    - Re: @home: Is *anyone* really home there??? Ville (Mar 03)
    - ingreslock message Dino Amato (Mar 05)
    - Re: ingreslock message Graeme Fowler (Mar 07)
    - Re: ingreslock message Dino Amato (Mar 07)
    - Re: ingreslock message Robert Graham (Mar 07)
    - firewall abusing Przemyslaw Frasunek (Mar 07)
    - Re: ingreslock message H D Moore (Mar 07)
    - Re: ingreslock message Eric Maiwald (Mar 07)
    - Re: auto-reporting to ISPs John Nemeth (Mar 07)
    - UDP flood 28001-28003 George (Mar 07)
    - Re: ingreslock message Jens Hektor (Mar 09)
    - Re: ingreslock message Ex Machina [xm] (Mar 13)
    - Re: ingreslock message Jens Hektor (Mar 13)

(Thread continues...)