On Fri, 10 Jan 1997, Rob Sansom wrote:
>
> RPC Portmapper. Very bad to allow people to connect to this, since they can
> find out what sorts of RPC services you run on your host (if I'm correct).
>
> At 04:34 PM 1/8/97 -0800, you wrote:
> >Can anyone comment on the security of rcp
> >tcp/udp port 111.
> >
That is certainly a true statement, but by blocking access to the
portmap service alone, you are really not preventing anyone from achieving
the same results. It is quite feasible to do a UDP scan for RPC services
and by looking at the resulting RPC replies build up a list that is
identical to what the portmapper will return.
-Dave
--------------------------------+---------------------
David J. Meltzer | Email: davem @ iss . net
Systems Engineer | Web: www.iss.net
Internet Security Systems, Inc. | Fax: (770)395-1972
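
Added example, not part of the original message and not ISS code: since RPC services can be probed directly on their own UDP ports, a defender can watch for well-formed ONC RPC CALL datagrams arriving on ports other than 111. The function names, the min_ports threshold and the sample datagrams are assumptions constructed for illustration; the header layout follows the ONC RPC specification (RFC 5531).

```python
import struct
from collections import defaultdict

PORTMAP_PORT = 111            # portmapper port discussed in the thread
RPC_CALL, RPC_VERSION = 0, 2  # ONC RPC msg_type CALL and protocol version
MAX_AUTH = 400                # largest opaque_auth body the RPC spec allows

def parse_rpc_call(payload):
    """Return (xid, prog, vers, proc) for a well-formed RPC CALL, else None."""
    if len(payload) < 40:     # 6 header words + two empty opaque_auth structs
        return None
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack(">6I", payload[:24])
    if mtype != RPC_CALL or rpcvers != RPC_VERSION:
        return None
    off = 24
    for _ in range(2):        # credential, then verifier
        if off + 8 > len(payload):
            return None
        _flavor, length = struct.unpack(">2I", payload[off:off + 8])
        padded = (length + 3) & ~3          # XDR pads opaque data to 4 bytes
        if length > MAX_AUTH or off + 8 + padded > len(payload):
            return None
        off += 8 + padded
    return xid, prog, vers, proc

def direct_rpc_probers(datagrams, min_ports=3):
    """Map source -> sorted non-111 ports that received RPC CALLs from it,
    keeping only sources that touched at least min_ports distinct ports."""
    ports = defaultdict(set)
    for src, dport, payload in datagrams:
        if dport != PORTMAP_PORT and parse_rpc_call(payload) is not None:
            ports[src].add(dport)
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}

def null_call(xid, prog, vers=1):
    # Constructed sample: NULL procedure (proc 0) with AUTH_NULL cred/verifier.
    return struct.pack(">10I", xid, RPC_CALL, RPC_VERSION, prog, vers, 0, 0, 0, 0, 0)

# Constructed observations: (source address, UDP destination port, payload).
SAMPLE = [
    ("192.0.2.10", 111, null_call(1, 100000, 2)),    # ordinary portmapper query
    ("192.0.2.10", 2049, null_call(2, 100003, 2)),   # one client, one service
    ("198.51.100.7", 700, null_call(3, 100005)),     # same source walking ports
    ("198.51.100.7", 701, null_call(4, 100005)),
    ("198.51.100.7", 702, null_call(5, 100005)),
    ("198.51.100.7", 53, b"\x12\x34\x01\x00" + b"\x00" * 40),  # not RPC, ignored
]

if __name__ == "__main__":
    print(direct_rpc_probers(SAMPLE))
```

Feed it (source, destination port, payload) tuples extracted from a packet capture or sensor; a flagged source is one sending RPC calls to several ports without going through the portmapper.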