From: Soeren Ziehe (robinton gmx.de)
Date: Fri Feb 08 2002 - 05:46:00 CST
Hello,
I've got a report that one machine is doing portmap requests it
shouldn't do.
It's a Netware 4.11 server, which has a novell unix gateway suite
installed.
-- sanitized log excerpt from "victim" ---
Jan 21 00:16:10 some-host portmap[15440]: connect from xxx.xxx.xxx.xxx to callit(300055): request from unauthorized host
Jan 21 00:17:14 some-host portmap[15501]: connect from xxx.xxx.xxx.xxx to callit(300055): request from unauthorized host
Jan 21 00:18:18 some-host portmap[15566]: connect from xxx.xxx.xxx.xxx to callit(300055): request from unauthorized host
There's about one request per minute and it apparently has been going on
for weeks.
There's nothing in the configuration, that I'm aware of, that would
cause the requests to this particular machine.
Is there anything out there that I should know? That is, is there a known way
to hijack said novell unix gateway?
Robinton
P.S.: no packet dumps available at the moment, will try to get them ASAP
--
I've asked for kindness and ultimate truth. Still waiting for the answer.
--
And that, Wesley, is an airlock...
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
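
A triage sketch for the pattern reported in the post (one refused callit request per minute from a single source), added here as an example and not part of the original message: it parses portmap refusal lines in the quoted format, rejoins mail-wrapped records, and reports the request cadence per source. The sample lines, the documentation addresses, the function names and the 5-second jitter threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the post's format (documentation addresses); first source is mail-wrapped.
SAMPLE = """\
Jan 21 00:16:10 some-host portmap[15440]: connect from 192.0.2.10
to callit(300055): request from unauthorized host
Jan 21 00:17:14 some-host portmap[15501]: connect from 192.0.2.10
to callit(300055): request from unauthorized host
Jan 21 00:18:18 some-host portmap[15566]: connect from 192.0.2.10
to callit(300055): request from unauthorized host
Jan 21 00:16:30 some-host portmap[15452]: connect from 198.51.100.7 to callit(300055): request from unauthorized host
Jan 21 00:29:02 some-host portmap[16011]: connect from 198.51.100.7 to callit(300055): request from unauthorized host
Jan 21 01:45:51 some-host portmap[19220]: connect from 198.51.100.7 to callit(300055): request from unauthorized host
"""

STAMP = r"\w{3}\s+\d+\s+\d\d:\d\d:\d\d"
LINE_RE = re.compile(
    r"(?P<ts>" + STAMP + r")\s+\S+\s+portmap\[\d+\]:\s+connect from (?P<src>\S+)"
    r"\s+to\s+(?P<proc>\w+)\((?P<prog>\d+)\):\s+(?P<why>.+)"
)

def parse(text, year=2002):
    """Return (time, source, procedure, program) tuples; syslog omits the year, so it is a parameter."""
    # Rejoin mail-wrapped records: a newline not followed by a timestamp is a wrap.
    joined = re.sub(r"\n(?!" + STAMP + r"\s)", " ", text)
    events = []
    for m in map(LINE_RE.match, joined.splitlines()):
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["src"], m["proc"], int(m["prog"])))
    return events

def cadence(events, max_jitter=5.0, min_events=3):
    """Per (source, procedure, program): event count, median gap in seconds, near-constant gaps?"""
    groups = defaultdict(list)
    for ts, src, proc, prog in events:
        groups[(src, proc, prog)].append(ts)
    report = {}
    for key, stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_events:
            med = median(gaps)
            periodic = all(abs(g - med) <= max_jitter for g in gaps)
            report[key] = {"count": len(stamps), "median_gap": med, "periodic": periodic}
    return report
```

A source whose gaps are near-constant, like the 64-second spacing in the quoted excerpt, points to a timer-driven process on the sending host rather than interactive activity, which narrows where to look on that machine.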