Unixshellfromport.ingreslock.port.Exploit
Description
Indicates an attempt to create a remote shell on the ingreslock port (port 1524). Remote users, attacking linux or unix systems with an exploit, frequently attempt to create a command shell (for example /bin/sh) listening on port 1524. The ingreslock service (port 1524) is added to a file called, for example, /tmp/x, and then inetd is executed with /tmp/x as the configuration file. The remote attacker can then connect to this shell and gain complete system access and control.
Affected Products
All unix and linux systems.
Impact
Remote shell access with root privileges.
Recommended Actions
Kill any extra versions of inetd. Remove the configuration file and any accounts that were created.
Restrict access to port 1524.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |