Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: increase of scans against port 1524
.

  • To: "High Speed" <[EMAIL PROTECTED]
  • Subject: Re: increase of scans against port 1524
  • From: Joe Matusiewicz <[EMAIL PROTECTED]>
  • Date: Wed, 05 Jun 2002 19:01:26 +0200
  • In-reply-to: <[EMAIL PROTECTED]>
.
 
At 07:17 AM 6/5/02, High Speed wrote:
>Hi,
>
>last 2 days I noticed an increased scan against port 1524
>
>ingreslock      1524/tcp    ingres
>ingreslock      1524/udp    ingres
>
>Are there known issues with this port ?
>Recently found vulnerabilities ?

I remember that being a backdoor port for a whole bunch of different buffer 
overflow attacks.  A google search on "port 1524" will cough up some names 
for you.  It could be scans of random addresses by vultures looking for 
compromised boxes with convenient backdoors.  In our case, one of solaris 
boxes was compromised eighteen months ago and someone bragged on IRC that 
they placed a backdoor on this port but never mentioned which of our boxes 
was compromised.  Our networks were scanned heavily on this port and this 
got our attention.  When we did our own scanning we discovered which of our 
boxes was r00ted.

-- Joe 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.