Security Incidents mailing list archives
Re: sgi-dgl scanning
From: ellidz () ERIDU UCHICAGO EDU (E. Larry Lidz)
Date: Tue, 28 Mar 2000 09:58:43 -0600
Michael Stone writes:
Does anyone know why I'd be seeing an increase in scanning on port 5232 (sgi-dgl)? Is there an exploit for dgl, a trojan using this port, or is it just people trying to fingerprint sgi's?
We saw a scan for dgl followed by a few connections to the Object Server port (5135) on a few machines. The machines that were running the object server then had a non-root like account added to the machine (called "hehe") and an attempt was made to use the df overflow to get root. We've reported a possible Object Server bug to CERT and SGI, but haven't gotten any information back (SGI's policy is to neither confirm nor deny problems until there is a fix). The Object Server was removed after 6.2, I think. I'd be very cautious if you're seeing connections to port 5135 as well.

-Larry

---
E. Larry Lidz
Phone: (773)702-2208
Network Security Officer
Fax: (773)702-3219
Network Security Center, The University of Chicago
PGP: finger ellidz () uchicago edu or network-security () uchicago edu
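The sequence reported in the reply above (a dgl probe on 5232, then a connection to the Object Server port 5135, then a new account named "hehe") can be checked for in connection logs and the password file. The following is an added example, not part of the original message; the log format, the one-hour window, the addresses and the passwd excerpt are constructed assumptions.

```python
from collections import defaultdict

DGL_PORT = 5232       # sgi-dgl, the scanned port discussed in the thread
OBJSERV_PORT = 5135   # Object Server port named in the reply
WINDOW = 3600         # assumption: follow-up arrives within an hour of the probe

# Constructed sample records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_LOG = """\
954259000 192.0.2.10 10.0.0.5 5232
954259001 192.0.2.10 10.0.0.6 5232
954259300 192.0.2.10 10.0.0.6 5135
954259900 198.51.100.4 10.0.0.5 5232
954267100 198.51.100.4 10.0.0.5 5135
954270000 203.0.113.9 10.0.0.7 5135
"""

# Constructed passwd excerpt; "hehe" is the account name given in the reply.
SAMPLE_PASSWD = """\
root:x:0:0:root:/:/bin/sh
hehe:x:1001:20::/tmp:/bin/sh
"""

def parse(log_text):
    """Yield (ts, src, dst, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not (fields[0].isdigit() and fields[3].isdigit()):
            continue
        yield int(fields[0]), fields[1], fields[2], int(fields[3])

def scan_then_connect(log_text, window=WINDOW):
    """Map each source that probed 5232 and then reached 5135 within
    `window` seconds to the sorted list of hosts it connected to."""
    last_probe = {}
    hits = defaultdict(set)
    for ts, src, dst, port in sorted(parse(log_text)):
        if port == DGL_PORT:
            last_probe[src] = ts
        elif port == OBJSERV_PORT:
            if src in last_probe and ts - last_probe[src] <= window:
                hits[src].add(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}

def suspicious_accounts(passwd_text, names=("hehe",)):
    """Return passwd login names that match the reported account name(s)."""
    return [l.split(":")[0] for l in passwd_text.splitlines() if l.split(":")[0] in names]
```

Hosts returned by `scan_then_connect` are the ones to inspect first for the added account and for signs of the df overflow attempt.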