Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Help! RPC Port 111

From: "T.Ferris" <tommy () security-protocols com>
Date: Thu, 27 Sep 2001 06:07:09 -0400
Ok,

I am running Snort IDS on Mandrake 8.0.  I just received this alert below.


[**] [1:583:1] RPC portmap request rstatd [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/27-05:51:47.239050 216.56.21.X873 -> 192.168.1.100:111
UDP TTL:47 TOS:0x0 ID:44461 IpLen:20 DgmLen:84
Len: 64
[Xref => http://www.whitehats.com/info/IDS10]

[**] [1:1282:1] RPC EXPLOIT statdx [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/27-05:51:47.414408 216.56.21.X:874 -> 192.168.1.100:1024
UDP TTL:47 TOS:0x0 ID:44578 IpLen:20 DgmLen:1104
Len: 1084
[Xref => http://www.whitehats.com/info/IDS442]

I dont even know if he got root on my box or not.  How can I close RPC Port 
111?

Thanks in Advance.

-Tom

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: