'UDP port scan orginating from hpux 11.0 internal server'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       incidents
Subject:    UDP port scan orginating from hpux 11.0 internal server
From:       bcbear1 () EXCITE ! COM
Date:       2001-02-22 0:57:04
[Download RAW message or body]

hi;  is anyone aware of a potential hpux 11.0 compromise that would leave a
server on an internal subnet (not that it's location would be germane;
plenty of smart network people here who could access this server or the
internal network for whatever purpose) available to launch udp portscans
against other servers on the network?

have looked for unexpected services listening on ports, and changes to
passwd files etc.  installed new version of lsof to avoid possible
tampering...

am particularly concerned as the server is running a backleveled bind
version.

feedback of any kind and pointers to investigation points appreciated...

regards,

craig





_______________________________________________________
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic