Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:601 |
Message | RSERVICES rlogin LinuxNIS |
Summary | This event is generated when an attempt is made to exploit a machine using Network Information Services (NIS). |
Impact | Unknown. This is traffic that should not be seen when using NIS and remote login services. |
Detailed Information | This event is generated when spurious data is sent to the rlogin service running on a machine that is using NIS. |
Affected Systems | |
Attack Scenarios | An attacker needs to generate this traffic and send it directly to a machine. This is not normal network behavior. |
Ease of Attack | Simple, no exploit software required |
Corrective Action | Investigate logs on the target host for further details and more signs of suspicious activity Use ssh for remote access instead of rlogin. |
Additional References |
--
DID:297414
--
http://www.aanval.com/