Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:601 |
| Message | RSERVICES rlogin LinuxNIS |
| Summary | This event is generated when an attempt is made to exploit a machine using Network Information Services (NIS). |
| Impact | Unknown. This is traffic that should not be seen when using NIS and remote login services. |
| Detailed Information | This event is generated when spurious data is sent to the rlogin service running on a machine that is using NIS. |
| Affected Systems | |
| Attack Scenarios | An attacker needs to generate this traffic and send it directly to a machine. This is not normal network behavior. |
| Ease of Attack | Simple, no exploit software required |
| Corrective Action | Investigate logs on the target host for further details and more signs of suspicious activity Use ssh for remote access instead of rlogin. |
| Additional References |
--
DID:297414
--
http://www.aanval.com/