Security Incidents mailing list archives
Re: rpciod and ports 799/800 udp
From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Mon, 18 Sep 2000 12:49:47 -0500
JJ,

I ran into this before, rpciod is actually in kernel space, you have to recompile your kernel with kernel NFS support turned off to remove it.

-HD

http://www.digitaloffense.net/

"J. J. Horner" wrote:

> My machine is trying to listen on udp ports 799 and 800. The only process still active is rpciod and it won't die.
>
> Does anyone know if this matches an m.o. of a known rootkit?
>
> I have udp 799 and 800 blocked at my firewall, but I'd like to know what is going on. These ports do not list an owning process when running 'netstat -tupan'.
>
> Thanks,
> --
> J. J. Horner
> jjhorner () bellsouth net
> System has been up: 30 days.
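The following is an added example, not part of either post: it shows why a socket created in kernel space has no owner in 'netstat -tupan', by matching socket inodes from `/proc/net/udp` against the descriptors processes hold under `/proc/<pid>/fd`. The sample table, inode numbers, pid 412 and all function names are constructed for illustration, and the code assumes the Linux `/proc/net/udp` column layout.

```python
import os
import re

# Constructed sample in /proc/net/udp layout (not captured from the poster's host).
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4101
   1: 00000000:031F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4202
   2: 00000000:0320 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 4203
"""
# Constructed fd table: pid -> readlink() targets of /proc/<pid>/fd/*
SAMPLE_FDS = {412: ["socket:[4101]", "/dev/null"]}

def parse_udp(text):
    """Return [(local_port, inode)] from /proc/net/udp-formatted text."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        rows.append((int(f[1].rsplit(":", 1)[1], 16), int(f[9])))
    return rows

def socket_owners(fd_table):
    """Map socket inode -> set of pids holding a descriptor for it."""
    owners = {}
    for pid, links in fd_table.items():
        for target in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add(pid)
    return owners

def unowned_ports(udp_text, fd_table):
    """UDP ports whose socket is held by no process (e.g. kernel-created)."""
    owners = socket_owners(fd_table)
    return sorted(p for p, ino in parse_udp(udp_text) if ino not in owners)

def live_fd_table():
    """Build the fd table from /proc; run as root or other users' sockets look unowned."""
    table = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            fds = os.listdir(f"/proc/{pid}/fd")
            table[int(pid)] = [os.readlink(f"/proc/{pid}/fd/{fd}") for fd in fds]
        except OSError:
            continue                            # process exited or access denied
    return table

if __name__ == "__main__":
    print(unowned_ports(SAMPLE_UDP, SAMPLE_FDS))
```

On a live host, `unowned_ports(open("/proc/net/udp").read(), live_fd_table())` gives the same comparison against real data.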
Current thread:
- rpciod and ports 799/800 udp J. J. Horner (Sep 18)
- Re: rpciod and ports 799/800 udp H D Moore (Sep 19)