GEN:SID | 1:601 |
Message | RSERVICES rlogin LinuxNIS |
Summary | This event is generated when an attempt is made to exploit a machine using Network Information Services (NIS).
|
Impact | Unknown. This is traffic that should not be seen when using NIS and remote login services.
|
Detailed Information | This event is generated when spurious data is sent to the rlogin service running on a machine that is using NIS.
|
Affected Systems | |
Attack Scenarios | An attacker needs to generate this traffic and send it directly to a machine. This is not normal network behavior.
|
Ease of Attack | Simple, no exploit software required
|
Corrective Action | Investigate logs on the target host for further details and more signs of suspicious activity
Use ssh for remote access instead of rlogin.
|
Additional References | |