Snort mailing list archives
Help! RPC Port 111
From: "T.Ferris" <tommy () security-protocols com>
Date: Thu, 27 Sep 2001 06:07:09 -0400
Ok, I am running Snort IDS on Mandrake 8.0. I just received this alert below. [**] [1:583:1] RPC portmap request rstatd [**] [Classification: Attempted Information Leak] [Priority: 3] 09/27-05:51:47.239050 216.56.21.X873 -> 192.168.1.100:111 UDP TTL:47 TOS:0x0 ID:44461 IpLen:20 DgmLen:84 Len: 64 [Xref => http://www.whitehats.com/info/IDS10] [**] [1:1282:1] RPC EXPLOIT statdx [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 10] 09/27-05:51:47.414408 216.56.21.X:874 -> 192.168.1.100:1024 UDP TTL:47 TOS:0x0 ID:44578 IpLen:20 DgmLen:1104 Len: 1084 [Xref => http://www.whitehats.com/info/IDS442] I dont even know if he got root on my box or not. How can I close RPC Port 111? Thanks in Advance. -Tom _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Help! RPC Port 111 T.Ferris (Sep 27)
- Re: Help! RPC Port 111 Erek Adams (Sep 27)