Nmap Announce mailing list archives
Re: RPC files
From: "ga" <duncan () multimania org>
Date: Fri, 5 Feb 1999 17:21:16 -0000
Re,
I thought I'd post this as an example of how to track down an errant RPC service for which no /etc/rpc entry exists:

    % rpcinfo -p localhost
       program vers proto   port
    [..]
    1342177279    3   tcp   1027
    1342177279    1   tcp   1027
    % lsof | egrep "inet " | egrep 1027 | egrep LISTEN
    ttsession  573 pg  4u  inet 0x2947bf00  0t0  TCP *:1027 (LISTEN)
According to RFC 1831:

           0 - 1fffffff   defined by rpc () sun com
    20000000 - 3fffffff   defined by user
    40000000 - 5fffffff   transient
    60000000 - 7fffffff   reserved
    80000000 - 9fffffff   reserved
    a0000000 - bfffffff   reserved
    c0000000 - dfffffff   reserved
    e0000000 - ffffffff   reserved

So we can't really trace rpc programs id above 0x1ffffff unfortunately...

However, I don't know if this would be in the scope of nmap but it's easy to code a portmap_dump() call on port 111 (||32771 and above) if it's opened and then it would automatically give away the portmapper list. Anyway, this port is usually filtered so it's not worth doing that.

Also, I received the answer from Sun about the official rpc list (thanks for their quick answer):
We have not yet distributed the list of RPC registrations, but do intend to do so. I will add your name to the list of people to be notified when this occurs.
Hope it won't take too long.. but it's surprising that there is still not an official rpc program list.

ga
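
Added example (not part of the original message): Python code that parses `rpcinfo -p` output, picks out the rows with no /etc/rpc name, and labels each program number with its range from the RFC 1831 table quoted above. The sample input is constructed from the two rows in the message plus two standard portmapper rows; the function names are illustrative.

```python
import re

# Program-number ranges from the RFC 1831 table quoted in the message
# (inclusive bounds). The "reserved" blocks are contiguous, so they are merged.
RANGES = [
    (0x00000000, 0x1FFFFFFF, "defined by Sun"),
    (0x20000000, 0x3FFFFFFF, "defined by user"),
    (0x40000000, 0x5FFFFFFF, "transient"),
    (0x60000000, 0xFFFFFFFF, "reserved"),
]

# Constructed sample: the two rows from the message plus portmapper rows,
# which carry a name because /etc/rpc knows program 100000.
SAMPLE = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
[..]
1342177279    3   tcp   1027
1342177279    1   tcp   1027
"""

ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)(?:\s+(\S+))?\s*$")

def classify(prog):
    """Return the RFC 1831 range label for a 32-bit program number."""
    for lo, hi, label in RANGES:
        if lo <= prog <= hi:
            return label
    raise ValueError(f"not a 32-bit program number: {prog}")

def unnamed_services(text):
    """Group rows that have no service name by (program, proto, port)."""
    found = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m.group(5):  # skip header, "[..]" elisions and named rows
            continue
        prog, vers, port = int(m.group(1)), int(m.group(2)), int(m.group(4))
        found.setdefault((prog, m.group(3), port), set()).add(vers)
    return [
        {"program": prog, "hex": f"{prog:#010x}", "range": classify(prog),
         "proto": proto, "port": port, "versions": sorted(vers)}
        for (prog, proto, port), vers in sorted(found.items())
    ]

if __name__ == "__main__":
    for svc in unnamed_services(SAMPLE):
        print(svc)
```

A program number in the transient range is assigned dynamically and is not expected to have an /etc/rpc entry, so the port is the value to look up with lsof, as the message does for port 1027.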