At 6/5/2002 04:17 AM, High Speed wrote: >last 2 days I noticed an increased scan against port 1524 > >ingreslock 1524/tcp ingres >ingreslock 1524/udp ingres > >Are there known issues with this port ? >Recently found vulnerabilities ? Looks like you may have someone scanning for a compromised machine. Back in 1999, CERT issued an advisory about RPC services being exploited and a root shell being left on port 1524. See http://www.cert.org/incident_notes/IN-99-04.html and http://rr.sans.org/malicious/cmsd.htm. Also, eEye released an advisory on April 10, 2001 containing a proof of concept exploit for a buffer overflow in xSun. See http://www.eeye.com/html/Research/Advisories/AD20010410.html. Michael Katz mikeat_private Procinct Security ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jun 05 2002 - 10:27:32 PDT