Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

RPC Connections

  • 02-07-2001 03:11PM
    #1
    Gavin
    Registered Users, Registered Users 2 Posts: 4,660 ✭✭✭


    I am constantly, at least once or twice a day getting attempted connections to port 111 on our firewall. sunrpc ?

    What exactly is it ? What can they do with it ?

    Cheers,
    Gav


Comments

  • #2
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    The portmapper listens to port 111. It directs clients to services listening on various high ports such as statd etc (that's a really bad explanation). Lots of vulnerable services are queried via this port. If you have the portmapper running, try
    rpcinfo -p hostname
    to see what exactly is available. If you don't need it, turn it off. If you're not running it, why worry about it wink.gif


  • #3
    Gavin
    Registered Users, Registered Users 2 Posts: 4,660 ✭✭✭Gavin


    Hum it is running, blocked by the firewall on the internet side though.

    rpcinfo -p localhost
    program vers proto port
    100000 2 tcp 111 portmapper
    100000 2 udp 111 portmapper

    So if it was open what can someone do with that ? Hum, i should really just search google.

    Gav


  • #4
    ecksor
    Moderators, Social & Fun Moderators Posts: 10,501 Mod ✭✭✭✭ecksor


    Not a lot probably, you don't seem to be running a lot of rpc services. In which case, it's safer to just turn it off wink.gif

    That looks like a default FreeBSD setup in which case you can stop that from launching at boot time by setting
    portmap_enable="NO"
    in /etc/rc.conf


Advertisement