
Re: [cobalt-users] Portsentry works fine: port 111



----- Original Message -----
From: "Hendrik Runte" <cobalt@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, March 30, 2001 2:43 AM
Subject: [cobalt-users] Portsentry works fine: port 111


> Hi,
>
> what's so special about port 111 (this Sun remote procedure call)?
>
> After installing portsentry 2 weeks ago, I got a lot of 'positive' results
> (even one from the Ministry of Education in Denmark). But all these guys
> have scanned port 111 only (and were blocked...)
>
> Why do these people 'love' this port so much?
>
> Hendrik.
>

I'm sure I won't be the only one to respond to this message. The reason
you're getting scans on port 111 is that there are many known exploits for
the rpc daemon. From what I've seen and read, many of them are root-level
exploits... looks like the ankle-biters are hoping your RaQ will be an easy
target. This shouldn't be *too* much of a problem, as most of the exploits
have been fixed (or so I am informed).

If someone else could provide a more technical answer to this, I'd
appreciate it. It's been a while since I've seen an rpcd attack in the wild.

J.