Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents: Port 524: compromised machine with ndsd

Port 524: compromised machine with ndsd

From: Jens Hektor <hektor_at_RZ.RWTH-AACHEN.DE>
Date: Fri, 27 Oct 2000 22:57:20 +0100

Hi,

I have just discovered a compromised machine
(Redhat 6.2) with port 524 open, running on
that service "ndsd - Novell Directory Service
(NDS) daemon".

The machine was scanning our site for port
telnet and is itself rootshelled on some other
port.

Admins have been notified.

So maybe there is a vulnerability in ndsd, I think
I must have missed something in the last
security announcements. But could be the standard
wu-ftpd or rpc.statd compromise also.

Bye, Jens Hektor
Received on Nov 01 2000

This message: [ Message body ]
Next message: Crist Clark: "Load Balancing Protocol (was Re: your mail)"
Previous message: H D Moore: "Re: IIS Unicode Question"
Next in thread: Jens Hektor: "Re: Port 524: compromised machine with ndsd"
Maybe reply: Jens Hektor: "Re: Port 524: compromised machine with ndsd"
Maybe reply: Jens Hektor: "Re: Port 524: compromised machine with ndsd"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]