[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Active System Attack Query

Subject: [cobalt-users] Active System Attack Query
From: johnm@xxxxxxxxxxxxxxxxxxxx
Date: Tue Mar 13 14:47:00 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Revd leonard payne <vicarage@xxxxxxxxxxxxxx> wrote :-

>I am currently getting 1 or 2 scans a day - always to TCP Port 111
>Does anyone know what they are trying and why this port ?

Extract from "Linux Security Toolkit" book.

Port 111 is the 'SUNRPC' or Sun remote procedure call, developed by Sun 
Microsystems to level the playing field when it came to mounting file 
systems across a network, is used by the system to register all other RPC 
programs.  An nfs client will contact an nfs server across a network on 
the port first.
....

The RPC services are more secure that services like ftp, but can be fooled 
through spoofing.  These services do not check, but accept the client's 
word for thier identity. 
.....

Access to RPC services should be very closely controlled.
<end of extract>

Most of my port scans seem to be either on 22, 111 or 515 (printer)

Cheers

John

Prev by Date: Re: [cobalt-users] Qube2 Boot Failure and CPU problems
Next by Date: Re: [cobalt-users] Active System Attack Query
Previous by thread: Re: [cobalt-users] Active System Attack Query
Next by thread: Re: [cobalt-users] Active System Attack Query

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index