Home page logo

basics logo Security Basics mailing list archives

RE: What does this mean?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 28 Apr 2004 08:38:51 -0700

  RPC is a meta-service.  Instead of mapping specific services
to specific ports, a service registers with RPC, and RPC assigns
a port.  A client looking for that service knows to contact RPC
(the two main flavours listen on port 111 (Sun flavour) and 135
(Microsoft flavour)) and ask for the service by name; RPC will
tell the client what port it assigned that service.  Since the
well-known ports are all those less than or equal to 1024, at
least the Microsoft flavour of RPC starts assigning ports to
services at 1025 and increments from there.
  I believe virtually all current Windows versions include at
least one OS service that registers via RPC.  I don't remember
what it is or does, just that it's "normal".

David Gillett

-----Original Message-----
From: Adnan Ali [mailto:call_ret () yahoo com]
Sent: Wednesday, April 28, 2004 6:17 AM
To: gillettdavid () fhda edu
Cc: security-basics () securityfocus com
Subject: RE: What does this mean?

--- David Gillett <gillettdavid () fhda edu> wrote:
-----Original Message-----
From: Adnan Ali [mailto:call_ret () yahoo com]

I have a PC running Windows 2000 Prof, and when I
a netstat -an, I get the following:

Active Connections:
Proto  Local Addr    Foreign Addr     State 

    CIFS (NetBIOS successor) 
    Something RPC knows about 
    Something RPC knows about 
UDP            *:*                 
UDP            *:*                 
    CIFS (NetBIOS successor) 
UDP           *:*                 
    Something RPC knows about 
UDP          *:*                 
    Norton Antivirus

As tcpview shows it, it is msgsys.exe, messenger

UDP        *:*                 
    IKE; VPN working past NAT

Can you please explain a little further what do you
mean by "Something RPC knows about".

Thanks and best regards,

Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]