Security Incidents mailing list archives
Re: increase of scans against port 1524
From: Joe Matusiewicz <joem () nist gov>
Date: Wed, 05 Jun 2002 12:39:43 -0400
At 07:17 AM 6/5/02, High Speed wrote:
Hi, last 2 days I noticed an increased scan against port 1524 ingreslock 1524/tcp ingres ingreslock 1524/udp ingres Are there known issues with this port ? Recently found vulnerabilities ?
I remember that being a backdoor port for a whole bunch of different buffer overflow attacks. A google search on "port 1524" will cough up some names for you. It could be scans of random addresses by vultures looking for compromised boxes with convenient backdoors. In our case, one of solaris boxes was compromised eighteen months ago and someone bragged on IRC that they placed a backdoor on this port but never mentioned which of our boxes was compromised. Our networks were scanned heavily on this port and this got our attention. When we did our own scanning we discovered which of our boxes was r00ted.
-- Joe
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- increase of scans against port 1524 High Speed (Jun 05)
- Re: increase of scans against port 1524 Joe Matusiewicz (Jun 05)
- Re: increase of scans against port 1524 GrdnWsl (Jun 05)
- Re: increase of scans against port 1524 Drew Schaffner (Jun 05)
- Re: increase of scans against port 1524 Michael Katz (Jun 05)
- RE: increase of scans against port 1524 Antonio Montes (Jun 05)
- Re: increase of scans against port 1524 gminick (Jun 05)
- Re: increase of scans against port 1524 gminick (Jun 05)
- Re: increase of scans against port 1524 Lance Spitzner (Jun 05)
- <Possible follow-ups>
- RE: increase of scans against port 1524 Foster, Belinda (Jun 05)
- Re: increase of scans against port 1524 Steven M. Christey (Jun 07)