Preface: rpc.portmap dumpLogo -Internet Security Systems

rpc.portmap dump
advICE :Intrusions : 2001705
 FAQ
Oh my gosh, I'm being HACKED!!!
How do I report the hacker to my ISP?
I'm seeing lots of attacks, is this normal?
Summary

Somebody, possibly an intruder, is listing all the RPC programs available on your system. This is a common reconnaisance technique, but is also part of standard network management.

Details

RPC is a common UNIX platform for writing client/server applications. It is very popular, especially on Sun servers. It's popularity means that there are both numerous services based upon RPC as well as numerous exploits for these services. RPC, especially the "portmapper" service running at port 111 are extremely dangerous to leave exposed to the Internet.

Defense

If you can, turn off RPC services altogether. If not, put a firewall in front of the system that blocks external access to these services.

Further details

UNIX comes with a standard way of doing a portmapper dump. Execute the following command against a system: 

rpcinfo -p 192.0.2.1
Where "192.0.2.1" is the system you want to scan.
 more information
advICE: portmapper exploits  
 
Intrusion: epdump  
The same type of a attack against Windows system.s  
advICE: Reconnaissance  
More info about hacker scans against the system.   
 
Version appeared:
Privacy Policy |  Copyright Info