Security Incidents mailing list archives
Re: Scan of on port 5232
From: Dino Amato <slayer67 () APK NET>
Date: Sun, 3 Sep 2000 19:08:06 -0400
Yeah if you disable DGL, you wont be able to run X remotely, but the box will still function. So I would disable dgl in the inetd.conf unless its a workstation. This is an SGI thing. What OS were you running? Object Server is what sounds important here. I believe this was fixed 6.5x. Are you running 5.3 or 6.2 ? Thanks Dino Amato ----- Original Message ----- From: "Jens Hektor" <hektor () RZ RWTH-AACHEN DE> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Saturday, September 02, 2000 2:26 AM Subject: Re: Scan of on port 5232
Hello,We were on the receiving end of a scan on port 5232 the other night. Inow we had also a scan on port 5232 (SGI Distributed Graphics). Two machines were cracked, a trojan ssh listening on port 13000 was installed. A bit unclear is which service was used to breakin. The recent telnetd feature is unlikely in the one case I have studied because this machine had wrappers installed and the logs indicate refused connects. The attacker re-configured this machine not to offer objectserver, autofs and pcnfsd so it most likely that one of these was used. Bye, Jens Hektor
Current thread:
- Re: Scan of on port 5232 Jens Hektor (Sep 02)
- Re: Scan of on port 5232 Dino Amato (Sep 03)