[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Portsentry works fine: port 111
- Subject: Re: [cobalt-users] Portsentry works fine: port 111
- From: Hendrik Runte <cobalt@xxxxxxxxxx>
- Date: Thu Mar 29 18:46:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> ----- Original Message -----
> From: "Hendrik Runte" <cobalt@xxxxxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Sent: Friday, March 30, 2001 2:43 AM
> Subject: [cobalt-users] Portsentry works fine: port 111
>
>
>> Hi,
>>
>> what's so special about port 111 (this sun remot procedure call)?
>>
>> After installing portsentry 2 weeks ago, I got a lot 'positive' results
>> (even one from the ministry of education in denmark). But all these guys
>> have scanned port 111 only (and were blocked...)
>>
>> Why do these people 'love' this port so much?
>>
>> Hendrik.
>>
>
> I'm sure I won't be the only one to respond to this message. The reason
> you're getting scans on port 111 is that there are many known exploits for
> the rpc daemon. From what I've seen and read, many of them are root level
> exploits... looks like the anklebitters are hoping your raq will be an easy
> target. This shouldn't be *too* much of a problem, as most of the exploits
> have been fixed (or so I am informed).
>
> If someone else could provide a more technical answer to this, I'd
> appreciate it. It's been awhile since I've seen an rpcd attack in the wild.
>
> J.
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
Thanks, John!
BTW, this _is_ definately a helpful reply -- compared to postings telling
how much self-esteem one pretends to have, happened the last days so many
times that I really thought of leaving this list.
This makes me feel good again!
Regards,
Hendrik.