Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: ingreslock message
From: G.E.Fowler () LBORO AC UK (Graeme Fowler)
Date: Tue, 7 Mar 2000 14:14:58 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dino

On 06-Mar-2000 Dino Amato wrote:

I logged this:
Mar  5 15:58:23 monitor tcplogd: ingreslock connection attempt from
unknown () sleipnir1 cs ucl ac uk
what does the ingreslock mean and what was this person trying to do?


Firstly: the ingreslock port was well-used by the shell installed by a
number of RPC compromises on Solaris (amongst others); as I know only
too well :(
I guess the culprit was scanning for previously compromised machines.

Secondly: if you have seen this on other machines, or more frequently
than the single line above, please report it to:

cert () cert ja net

They'll deal with it as it's source was a UK university.

- --
Graeme Fowler
Network Officer, Infrastructure & Networks Group
Loughborough University Computing Services
PGP Public Key: http://xenomorph.lboro.ac.uk/

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBOMUO4ukW/hjR2nSsEQKFmwCaAl47OPjInQbAs0+5sJa4cYo6k+wAoP2J
lHFFPw0TToSC2CgekyhYVZNt
=8JCg
-----END PGP SIGNATURE-----

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]