Bugtraq mailing list archives

Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)


From: newsham () aloha net (Timothy Newsham)
Date: Thu, 13 Apr 1995 12:59:40 -1000 (HST)


Yes.  Blocking port 111 is not enough; it is far too easy to just fire
NIS requests at every port number in the appropriate range - there are
only a few thousand of them.  If you're running a mostly stock setup,
one can almost predict the port NIS will use a priori.

It's very easy to scan for services using RPC since they respond
in a uniform manner to RPC formatted packets that you send
to them.  You can scan a large range of UDP ports in a relatively
small amount of time.  The RPC daemon will also respond in
a particular way if you give it the right program number so
you can go through a list of well known program numbers and
determine which service is on a port once you know a port
is talking RPC.

                                      der Mouse
                          mouse () collatz mcrcim mcgill edu
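
A defender's view of the point made in this message, as an added example that is not part of the original post: because RPC calls have a uniform header, a monitor can recognize them on any UDP port and flag a source that sends them directly to many ports other than 111. The function names, the `min_ports` threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

PORTMAP_PORT = 111
YPSERV_PROG = 100004  # ONC RPC program number assigned to ypserv (NIS)

def parse_rpc_call(payload):
    """Return (xid, prog, vers, proc) if payload begins with an ONC RPC v2 CALL header, else None."""
    if len(payload) < 24:
        return None
    xid, msg_type, rpcvers, prog, vers, proc = struct.unpack(">6I", payload[:24])
    if msg_type != 0 or rpcvers != 2:  # msg_type 0 = CALL, RPC protocol version 2
        return None
    return xid, prog, vers, proc

def find_rpc_sweeps(packets, min_ports=5):
    """Flag sources that send RPC calls straight to many ports other than 111.

    packets: iterable of (src_ip, dst_port, udp_payload) tuples.
    min_ports is a hypothetical threshold; tune it to the monitored network.
    """
    ports, progs = defaultdict(set), defaultdict(set)
    for src, dport, payload in packets:
        call = parse_rpc_call(payload)
        if call is None or dport == PORTMAP_PORT:
            continue  # not RPC, or an ordinary portmapper query
        ports[src].add(dport)
        progs[src].add(call[1])
    return {src: {"ports": len(seen), "nis_probe": YPSERV_PROG in progs[src]}
            for src, seen in ports.items() if len(seen) >= min_ports}

def make_call(xid, prog, vers, proc):
    """Build a CALL with AUTH_NONE credential and verifier (constructed test input)."""
    return struct.pack(">10I", xid, 0, 2, prog, vers, proc, 0, 0, 0, 0)

# Constructed sample traffic; addresses are documentation ranges, not real hosts.
SAMPLE = (
    [("192.0.2.10", port, make_call(port, YPSERV_PROG, 2, 0)) for port in range(600, 608)]
    + [("198.51.100.5", 111, make_call(1, 100000, 2, 3)),    # normal portmapper lookup
       ("198.51.100.5", 2049, make_call(2, 100003, 2, 0)),   # single NFS call
       ("192.0.2.20", 700, b"\x12\x34\x01\x00" * 8)]         # non-RPC UDP payload
)

if __name__ == "__main__":
    print(find_rpc_sweeps(SAMPLE))
```

Only the first source is reported: it sent NIS program calls to eight ports without ever asking the portmapper, which is the pattern a filter on port 111 alone does not see.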