Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: ingreslock message

Re: ingreslock message

From: Robert Graham <bugtraq_at_NETWORKICE.COM>
Date: Tue, 7 Mar 2000 09:43:22 -0800

It is an attempt to connect to a root shell installed by an exploit in
sendmail/RPC/BIND. It doesn't mean that you've been exploited, only that
somebody is searching to see if that backdoor has been installed.

I've written a good document that describes these sorts of things at:
http://www.robertgraham.com/pubs/firewall-seen.html#port1524

Rob.

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS_at_securityfocus.com]On
Behalf Of Dino Amato
Sent: Sunday, March 05, 2000 5:34 PM
To: INCIDENTS_at_securityfocus.com
Subject: ingreslock message

I logged this:
Mar 5 15:58:23 monitor tcplogd: ingreslock connection attempt from
unknown_at_sleipnir1.cs.ucl.ac.uk
what does the ingreslock mean and what was this person trying to do?
Thanks

 --------------------------------------------
 Dino Amato
 Systems Administrator
------------------------------------------
Received on Mar 07 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos