Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Scan of on port 5232
From: Jens Hektor <hektor () RZ RWTH-AACHEN DE>
Date: Sat, 2 Sep 2000 06:26:14 -0000
Hello,


We were on the receiving end of a scan on port
5232 the other night. I


now we had also a scan on port 5232 (SGI
Distributed Graphics).

Two machines were cracked, a trojan ssh
listening on port 13000 was installed.

A bit unclear is which service was used to
breakin. 

The recent telnetd feature is unlikely in the one
case I have studied because this machine had
wrappers installed and the logs indicate 
refused connects.

The attacker re-configured
this machine not to offer objectserver, autofs
and pcnfsd so it most likely that one of these
was used.

Bye, Jens Hektor

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]