Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: increase of scans against port 1524
From: Michael Katz <mike () procinct com>
Date: Wed, 05 Jun 2002 09:36:17 -0700
At 6/5/2002 04:17 AM, High Speed wrote:


last 2 days I noticed an increased scan against port 1524

ingreslock      1524/tcp    ingres
ingreslock      1524/udp    ingres

Are there known issues with this port ?
Recently found vulnerabilities ?
Looks like you may have someone scanning for a compromised machine. Back in 1999, CERT issued an advisory about RPC services being exploited and a root shell being left on port 1524.
See http://www.cert.org/incident_notes/IN-99-04.html and http://rr.sans.org/malicious/cmsd.htm.
Also, eEye released an advisory on April 10, 2001 containing a proof of concept exploit for a buffer overflow in xSun. See http://www.eeye.com/html/Research/Advisories/AD20010410.html. 

Michael Katz
mike () procinct com
Procinct Security


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]