OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: ingreslock message
From: Graeme Fowler (G.E.FowlerLBORO.AC.UK)
Date: Tue Mar 07 2000 - 08:14:58 CST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dino

On 06-Mar-2000 Dino Amato wrote:
> I logged this:
> Mar 5 15:58:23 monitor tcplogd: ingreslock connection attempt from
> unknownsleipnir1.cs.ucl.ac.uk
> what does the ingreslock mean and what was this person trying to do?

Firstly: the ingreslock port was well-used by the shell installed by a
number of RPC compromises on Solaris (amongst others); as I know only
too well :(
I guess the culprit was scanning for previously compromised machines.

Secondly: if you have seen this on other machines, or more frequently
than the single line above, please report it to:

certcert.ja.net

They'll deal with it as it's source was a UK university.

- --
Graeme Fowler
Network Officer, Infrastructure & Networks Group
Loughborough University Computing Services
PGP Public Key: http://xenomorph.lboro.ac.uk/

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBOMUO4ukW/hjR2nSsEQKFmwCaAl47OPjInQbAs0+5sJa4cYo6k+wAoP2J
lHFFPw0TToSC2CgekyhYVZNt
=8JCg
-----END PGP SIGNATURE-----