Security Incidents mailing list archives
Port 524: compromised machine with ndsd
From: Jens Hektor <hektor () RZ RWTH-AACHEN DE>
Date: Fri, 27 Oct 2000 21:57:20 -0000
Hi, I have just discovered a compromised machine (Redhat 6.2) with port 524 open, running on that service "ndsd - Novell Directory Service (NDS) daemon". The machine was scanning our site for port telnet and is itself rootshelled on some other port. Admins have been notified. So maybe there is a vulnerability in ndsd, I think I must have missed something in the last security announcements. But could be the standard wu-ftpd or rpc.statd compromise also. Bye, Jens Hektor
Current thread:
- Port 524: compromised machine with ndsd Jens Hektor (Oct 31)