How vulnerable is RPC (port 1025) on Linux?
From: Joshua Davies (jdaviestx_at_comcast.net)
Date: 06/23/04
Date: 23 Jun 2004 07:06:44 -0700
I just recently did a fresh Debian installation and, since my computer
was connected to the cable modem, it recognized the connection, DHCP'd
me, gave me an IP address and hooked me up as part of the install. As
soon as I logged in, I ran a netstat to figure out what ports might be
open and I noticed that Debian (for some reason) installs a default
inetd.conf file that includes an RPC service that's listening on port
1025. Sure enough, when I looked for open connections, somebody had
already established a connection to port 1025. I shut down the RPC
statd and portmapper immediately, found the offending process and
killed it, but I'm not sure if I should be worried about any damage he
might have done in the few minutes between the time I started up and
the time I noticed the connection. A quick Google search shows that
most port 1025 vulnerabilities are related to Microsoft's DCOM
protocol, which I'm obviously not using... are there any other known
RPC vulnerabilities? Any known worms that try to replicate on port
1025?
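
The check described in the message above (list the open ports, then look for established connections to them), as an added example that is not part of the original post. The function name and the sample `netstat -tan` output are constructed for illustration, and the addresses come from documentation ranges.

```shell
#!/bin/sh
# Added example: correlate LISTEN sockets with ESTABLISHED connections in
# `netstat -tan` output to find remote peers connected to local services.

# Constructed sample output, not data from the original post.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:1025         198.51.100.7:40312      ESTABLISHED
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1025            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:33544        203.0.113.5:80          ESTABLISHED
EOF
}

# Reads `netstat -tan` output on stdin and prints "local_port remote_addr:port"
# for every ESTABLISHED connection whose local port also has a LISTEN socket.
# Outbound connections (local port with no listener) are not reported.
inbound_peers() {
    awk '
        # Remember every local port that has a listening socket.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":"); listen[a[n]] = 1; next
        }
        # Buffer established connections; a listener may appear later in the output.
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($4, a, ":"); est[++count] = a[n] " " $5
        }
        END {
            for (i = 1; i <= count; i++) {
                split(est[i], f, " ")
                if (f[1] in listen) print est[i]
            }
        }
    '
}

# Run against the constructed sample when executed directly.
sample_netstat | inbound_peers
```

On a live host, pipe `netstat -tan` into `inbound_peers`; `rpcinfo -p` then shows which RPC program registered a reported port with the portmapper.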