Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ingreslock message

From: bugtraq () NETWORKICE COM (Robert Graham)
Date: Tue, 7 Mar 2000 09:43:22 -0800

It is an attempt to connect to a root shell installed by an exploit in
sendmail/RPC/BIND. It doesn't mean that you've been exploited, only that
somebody is searching to see if that backdoor has been installed.

I've written a good document that describes these sorts of things at:
http://www.robertgraham.com/pubs/firewall-seen.html#port1524

Rob.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () securityfocus com]On
Behalf Of Dino Amato
Sent: Sunday, March 05, 2000 5:34 PM
To: INCIDENTS () securityfocus com
Subject: ingreslock message

I logged this:
Mar  5 15:58:23 monitor tcplogd: ingreslock connection attempt from
unknown () sleipnir1 cs ucl ac uk
what does the ingreslock mean and what was this person trying to do?
Thanks

 --------------------------------------------
 Dino Amato
 Systems Administrator
------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: