|
Security Incidents
mailing list archives
Re: Scan of on port 5232
From: Dino Amato <slayer67 () APK NET>
Date: Sun, 3 Sep 2000 19:08:06 -0400
Yeah if you disable DGL, you wont be able to run X remotely, but the box
will still function.
So I would disable dgl in the inetd.conf unless its a workstation. This is
an SGI thing.
What OS were you running? Object Server is what sounds important here.
I believe this was fixed 6.5x. Are you running 5.3 or 6.2 ?
Thanks
Dino Amato
----- Original Message -----
From: "Jens Hektor" <hektor () RZ RWTH-AACHEN DE>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Saturday, September 02, 2000 2:26 AM
Subject: Re: Scan of on port 5232
Hello,
We were on the receiving end of a scan on port
5232 the other night. I
now we had also a scan on port 5232 (SGI
Distributed Graphics).
Two machines were cracked, a trojan ssh
listening on port 13000 was installed.
A bit unclear is which service was used to
breakin.
The recent telnetd feature is unlikely in the one
case I have studied because this machine had
wrappers installed and the logs indicate
refused connects.
The attacker re-configured
this machine not to offer objectserver, autofs
and pcnfsd so it most likely that one of these
was used.
Bye, Jens Hektor
 By Date 
By Thread
Current thread:
|
Intro
