Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

What do the following mean in my RPC portmapper logs?

logs mean portmapper RPC
0
Posted

What do the following mean in my RPC portmapper logs?

0 CommentsAdd a Comment

1 Answer

0

Clients lookup an RPC program in portmapper/rpcbind in order to find out which port number the service runs on. A hacker will either dump all the listings (using rpcinfo -p ) or lookup the mapping (using getport) for the particular RPC he/she wants to exploits. As always, these attempts are usually from scans against thousands/millions of machines rather than against you in particular. Every few months, a new exploit script is published for Linux or Solaris services, and script kiddies start scanning the Internet for that service. Most of the vulnerabilities in the services listed are buffer overflows. Note that on Sun Solaris machines, these services usually have port numbers in the range starting at port 32770. Many other times, RPC services will have ports below 1024, on the assumption that it provides a little better security because More info on RPC can be found in RFC1833.txt.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123