Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: increase of scans against port 1524
.

  • To: [EMAIL PROTECTED]
  • Subject: Re: increase of scans against port 1524
  • From: Michael Katz <[EMAIL PROTECTED]>
  • Date: Wed, 05 Jun 2002 22:24:43 +0200
  • In-reply-to: <[EMAIL PROTECTED]>
.
 
At 6/5/2002 04:17 AM, High Speed wrote:

>last 2 days I noticed an increased scan against port 1524
>
>ingreslock      1524/tcp    ingres
>ingreslock      1524/udp    ingres
>
>Are there known issues with this port ?
>Recently found vulnerabilities ?

Looks like you may have someone scanning for a compromised machine.  Back 
in 1999, CERT issued an advisory about RPC services being exploited and a 
root shell being left on port 1524.

See http://www.cert.org/incident_notes/IN-99-04.html and 
http://rr.sans.org/malicious/cmsd.htm.

Also, eEye released an advisory on April 10, 2001 containing a proof of 
concept exploit for a buffer overflow in xSun.  See 
http://www.eeye.com/html/Research/Advisories/AD20010410.html.

Michael Katz
[EMAIL PROTECTED]
Procinct Security


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.