|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: ingreslock message
From: Robert Graham (bugtraq
NETWORKICE.COM)Date: Tue Mar 07 2000 - 11:43:22 CST
- Next message: H D Moore: "Re: ingreslock message"
- Previous message: Joel Michael: "Mail Server attack"
- In reply to: Dino Amato: "ingreslock message"
- Next in thread: H D Moore: "Re: ingreslock message"
- Reply: Robert Graham: "Re: ingreslock message"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It is an attempt to connect to a root shell installed by an exploit in
sendmail/RPC/BIND. It doesn't mean that you've been exploited, only that
somebody is searching to see if that backdoor has been installed.
I've written a good document that describes these sorts of things at:
http://www.robertgraham.com/pubs/firewall-seen.html#port1524
Rob.
-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTSsecurityfocus.com]On
Behalf Of Dino Amato
Sent: Sunday, March 05, 2000 5:34 PM
To: INCIDENTSsecurityfocus.com
Subject: ingreslock message
I logged this:
Mar 5 15:58:23 monitor tcplogd: ingreslock connection attempt from
unknownsleipnir1.cs.ucl.ac.uk
what does the ingreslock mean and what was this person trying to do?
Thanks
--------------------------------------------
Dino Amato
Systems Administrator
------------------------------------------
- Next message: H D Moore: "Re: ingreslock message"
- Previous message: Joel Michael: "Mail Server attack"
- In reply to: Dino Amato: "ingreslock message"
- Next in thread: H D Moore: "Re: ingreslock message"
- Reply: Robert Graham: "Re: ingreslock message"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]