-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dino
On 06-Mar-2000 Dino Amato wrote:
> I logged this:
> Mar 5 15:58:23 monitor tcplogd: ingreslock connection attempt from
> unknown_at_sleipnir1.cs.ucl.ac.uk
> what does the ingreslock mean and what was this person trying to do?
Firstly: the ingreslock port was well-used by the shell installed by a
number of RPC compromises on Solaris (amongst others); as I know only
too well :(
I guess the culprit was scanning for previously compromised machines.
Secondly: if you have seen this on other machines, or more frequently
than the single line above, please report it to:
cert_at_cert.ja.net
They'll deal with it as it's source was a UK university.
- --
Graeme Fowler
Network Officer, Infrastructure & Networks Group
Loughborough University Computing Services
PGP Public Key: http://xenomorph.lboro.ac.uk/
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQA/AwUBOMUO4ukW/hjR2nSsEQKFmwCaAl47OPjInQbAs0+5sJa4cYo6k+wAoP2J
lHFFPw0TToSC2CgekyhYVZNt
=8JCg
-----END PGP SIGNATURE-----
Received on Mar 07 2000
Intro
