| GEN:SID | 1:601 |
| Message | RSERVICES rlogin LinuxNIS |
| Summary | This event is generated when an attempt is made to exploit a machine using Network Information Services (NIS).
|
| Impact | Unknown. This is traffic that should not be seen when using NIS and remote login services.
|
| Detailed Information | This event is generated when spurious data is sent to the rlogin service running on a machine that is using NIS.
|
| Affected Systems | |
| Attack Scenarios | An attacker needs to generate this traffic and send it directly to a machine. This is not normal network behavior.
|
| Ease of Attack | Simple, no exploit software required
|
| Corrective Action | Investigate logs on the target host for further details and more signs of suspicious activity
Use ssh for remote access instead of rlogin.
|
| Additional References | |