Snort mailing list archives

RPC Portmap Request


From: Mohd Mukrim Che Mohamad Zulkifly <mukrim.zulkifly () bit com my>
Date: Fri, 8 Apr 2011 13:01:05 +0800

Hi, 

A few days ago, I received two Impact Flag 1 event alerts triggered by this rule:

Rule : alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap ttdbserv request UDP"; content:"|00 01 86 A0|"; 
depth:4; offset:12; content:"|00 00 00 03|"; within:4; distance:4; byte_jump:4,4,relative,align; 
byte_jump:4,4,relative,align; content:"|00 01 86 F3|"; within:4; content:"|00 00 00 00|"; depth:4; offset:4; 
metadata:policy balanced-ips drop, policy security-ips drop, service sunrpc; reference:arachnids,24; 
reference:bugtraq,122; reference:bugtraq,3382; reference:cve,1999-0003; reference:cve,1999-0687; 
reference:cve,1999-1075; reference:cve,2001-0717; reference:url,www.cert.org/advisories/CA-2001-05.html; 
classtype:rpc-portmap-decode; sid:588; rev:20; )

Only two events were triggered, which made it suspicious. If it's an important service in the network, then a lot of 
events should have been triggered. Is it normal for this portmap request to happen? 

Thanks in advance.
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
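
For triage of an alert like the one in the message above, it helps to see what sid 588 tests, field by field. The following is an added example, not part of the original post and not Snort code: it walks a UDP payload through the same offsets as the rule's content and byte_jump options. The function names are hypothetical and the sample packets are constructed.

```python
import struct

PORTMAP = 0x000186A0   # 100000: content match at offset 12
GETPORT = 3            # content |00 00 00 03| (procedure field)
TTDBSERV = 0x000186F3  # 100083: content match after the two byte_jumps

def u32(buf, off):
    """Big-endian 32-bit read; raises on a short payload."""
    if off + 4 > len(buf):
        raise ValueError("truncated payload")
    return struct.unpack_from(">I", buf, off)[0]

def align4(n):
    """Round up to a 4-byte boundary, as the 'align' modifier does."""
    return (n + 3) & ~3

def check_sid_588(payload):
    """Apply the rule's tests to a UDP payload; returns (matched, reason)."""
    try:
        if u32(payload, 4) != 0:                       # offset:4; depth:4
            return False, "message type is not CALL"
        if u32(payload, 12) != PORTMAP:                # offset:12; depth:4
            return False, "program is not portmapper"
        if u32(payload, 20) != GETPORT:                # distance:4; within:4
            return False, "procedure is not 3"
        cur = 32 + align4(u32(payload, 28))            # skip credential body
        cur = cur + 8 + align4(u32(payload, cur + 4))  # skip verifier
        queried = u32(payload, cur)                    # first call argument
    except ValueError as exc:
        return False, str(exc)
    if queried != TTDBSERV:
        return False, "lookup is for program %d" % queried
    return True, "lookup is for program %d" % queried

def build_getport(prog, cred=b"", xid=0x1234):
    """Constructed sample: portmap v2 procedure-3 call asking about 'prog'."""
    pad = b"\x00" * (align4(len(cred)) - len(cred))
    head = struct.pack(">6I", xid, 0, 2, PORTMAP, 2, GETPORT)
    auth = struct.pack(">2I", 1 if cred else 0, len(cred)) + cred + pad
    verf = struct.pack(">2I", 0, 0)
    args = struct.pack(">4I", prog, 1, 17, 0)          # prog, vers, UDP, port
    return head + auth + verf + args

if __name__ == "__main__":
    for p in (build_getport(TTDBSERV), build_getport(TTDBSERV, b"host1"),
              build_getport(100003), build_getport(TTDBSERV)[:30]):
        print(check_sid_588(p))
```

The rule fires on any portmapper lookup for program 100083 arriving from $EXTERNAL_NET, so a match shows that the lookup was asked, not that the service exists on the target or answered.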

