Security Incidents: Re: Strange RPC? service entries.

From: Pavel Kankovsky <peak_at_ARGO.TROJA.MFF.CUNI.CZ>
Date: Mon, 13 Mar 2000 10:24:05 +0100

On Thu, 9 Mar 2000, Tony Molloy wrote:

> Recently I've lots of messages like the following appearing in
> several of my server logs. Several megabytes a day each.
>
> Mar 8 18:57:33 server portmap[24722]: connect from xxx.xxx.xxx.xxx
> to callit(300214): request from unauthorized host
> Mar 9 07:59:44 server portmap[14761]: connect from xxx.xxx.xxx.xxx
> to callit(390109): request from unauthorized host

AFAIK, 390109 is "nsrstat" where "nsr" stands for Legato Networker (also
known as Solstice Backup). I know nothing certain about 300214. A fuzzy
reference I found in one of FreeBSD lists suggests this service might be
related to FrameMaker. There should be a registry of these numbers
maintained by Sun but I do not know how one could access it (besides
the tiny portion in /etc/rpc).

BTW: From what I have seen, various people have been complaining about
these probes for a year. I smell a problem.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
Received on Mar 14 2000
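
Added example, not part of the original message: a short Python triage script that tallies the rejected `callit` requests in portmap log lines like those quoted above, per source and RPC program number, and resolves each number against an `/etc/rpc`-format table. The log lines, addresses and table are constructed; the 390109 to nsrstat entry is taken from the identification in the message and is not verified against a registry.

```python
import re
from collections import Counter

# Constructed table in /etc/rpc format (name, program number, aliases).
# 390109 -> nsrstat follows the identification given in the message above.
SAMPLE_RPC_TABLE = """\
# name        number  aliases
portmapper    100000  portmap sunrpc rpcbind
rstatd        100001  rstat rup perfmeter
nfs           100003  nfsprog
mountd        100005  mount showmount
nsrstat       390109
"""

# Constructed syslog lines in the quoted format (sources from 192.0.2.0/24).
SAMPLE_LOG = """\
Mar  8 18:57:33 server portmap[24722]: connect from 192.0.2.10 to callit(300214): request from unauthorized host
Mar  8 18:57:41 server portmap[24722]: connect from 192.0.2.10 to callit(300214): request from unauthorized host
Mar  9 07:59:44 server portmap[14761]: connect from 192.0.2.77 to callit(390109): request from unauthorized host
Mar  9 08:01:02 server sshd[311]: Accepted password for tony from 192.0.2.5
"""

CALLIT_RE = re.compile(
    r"portmap\[\d+\]: connect from (?P<src>\S+) to callit\((?P<prog>\d+)\): "
    r"request from unauthorized host")

def parse_rpc_table(text):
    """Map program number -> name from /etc/rpc-style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[1].isdigit():
            table[int(fields[1])] = fields[0]
    return table

def summarize_callit(log_text, rpc_table):
    """Count rejected callit requests per (source, program number)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CALLIT_RE.search(line)
        if m:
            counts[(m.group("src"), int(m.group("prog")))] += 1
    return [(src, prog, rpc_table.get(prog, "unknown"), n)
            for (src, prog), n in counts.most_common()]

if __name__ == "__main__":
    for src, prog, name, n in summarize_callit(SAMPLE_LOG, parse_rpc_table(SAMPLE_RPC_TABLE)):
        print(f"{n:4d}  {src:15s}  {prog} ({name})")
```

Program numbers that come back as "unknown" are the ones missing from the local table, which is the situation the message describes for 300214.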
