11.8 The Mysterious Ingreslock

The ingreslock service is for locking parts of an Ingres database. It is listed as port 1524 for both TCP and UDP. As such, many system administrators mistakenly allow this service. For the majority of sites that do not use it, this is a mistake. A popular cracker Trojan defaults to listening on this port using the TCP protocol. It should be blocked at the firewall and checked during your internal port scans. If a process is listening and you did not set up Ingres (or possibly even if you did), you have a big problem. See Part IV for recovering from intrusions.
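A host-side complement to the internal port scan described above, as an added example that is not from the original text: it reads the Linux /proc/net/tcp table for sockets listening on TCP port 1524 and lists the PIDs that hold them. The function names and the SAMPLE rows are constructed for illustration, and IPv4 decoding assumes a little-endian host.

```python
import glob, os, socket, struct

INGRESLOCK_PORT = 1524   # port the section says to check
TCP_LISTEN = "0A"        # value of the "st" column for a listening socket

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:05F4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4242 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4100 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:05F4 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 4300 1 0000000000000000 100 0 0 10 0
"""

def find_listeners(table_text, port=INGRESLOCK_PORT):
    """Return [(ip, uid, inode)] for sockets in LISTEN state on `port`."""
    hits = []
    for line in table_text.splitlines()[1:]:           # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:          # ignore non-listening rows
            continue
        addr_hex, port_hex = f[1].rsplit(":", 1)
        if int(port_hex, 16) != port:
            continue
        # IPv4 is one host-order word (little-endian assumed); IPv6 stays as hex.
        ip = (socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
              if len(addr_hex) == 8 else addr_hex)
        hits.append((ip, int(f[7]), int(f[9])))
    return hits

def owners(inode):
    """Map a socket inode to the PIDs holding it (root needed for other users)."""
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                pids.add(int(fd.split("/")[2]))
        except OSError:
            continue                                   # process exited or access denied
    return sorted(pids)

if __name__ == "__main__":
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        if os.path.exists(path):
            with open(path) as fh:
                for ip, uid, inode in find_listeners(fh.read()):
                    print(f"{path}: LISTEN {ip}:{INGRESLOCK_PORT} "
                          f"uid={uid} pids={owners(inode)}")
```

Any line of output on a host where you did not set up Ingres is the situation the section warns about; the third sample row shows that an established connection on the port is not reported as a listener.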