Check or Attack Name: rexec

The rexec service has been detected as running. This service allows a user to execute commands remotely, and typically requires that usernames and passwords be passed in clear text across the network. Under Windows NT, the Ataman version of this service writes errors to the application log. The application log is readable by any user with permission to access the computer from the network, which could potentially report details about why a given user was unable to log in.

Remove the exec service.

To disable the rexec service, follow these steps:

1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
2. From the Services list, select rexec.
3. Click Stop.

Remove the rexec from inetd.conf.

Unix: To remove rexec, follow these steps:

1. Comment out rexec from inetd.conf.
2. Restart the inetd process.