Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

RPC Connections

Options
  • 02-07-2001 3:11pm
    #1
    Gavin
    Registered Users Posts: 4,676 ✭✭✭


    I am constantly, at least once or twice a day getting attempted connections to port 111 on our firewall. sunrpc ?

    What exactly is it ? What can they do with it ?

    Cheers,
    Gav


Comments

  • Options
    #2
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    The portmapper listens to port 111. It directs clients to services listening on various high ports such as statd etc (that's a really bad explanation). Lots of vulnerable services are queried via this port. If you have the portmapper running, try
    rpcinfo -p hostname
    to see what exactly is available. If you don't need it, turn it off. If you're not running it, why worry about it wink.gif


  • Options
    #3
    Gavin
    Registered Users Posts: 4,676 ✭✭✭Gavin


    Hum it is running, blocked by the firewall on the internet side though.

    rpcinfo -p localhost
    program vers proto port
    100000 2 tcp 111 portmapper
    100000 2 udp 111 portmapper

    So if it was open what can someone do with that ? Hum, i should really just search google.

    Gav


  • Options
    #4
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Not a lot probably, you don't seem to be running a lot of rpc services. In which case, it's safer to just turn it off wink.gif

    That looks like a default FreeBSD setup in which case you can stop that from launching at boot time by setting
    portmap_enable="NO"
    in /etc/rc.conf


Advertisement