Nmap Announce mailing list archives
Re: RPC files
From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Thu, 4 Feb 1999 17:49:47 -0800
I thought I'd post this as an example of how to track down an errant RPC service for which no /etc/rpc entry exists: % rpcinfo -p localhost program vers proto port [..] 1342177279 3 tcp 1027 1342177279 1 tcp 1027 % lsof | egrep "inet " | egrep 1027 | egrep LISTEN ttsession 573 pg 4u inet 0x2947bf00 0t0 TCP *:1027 (LISTEN) So, 1342177279 == ttsession. It is part of CDE (/usr/bin/dt/ttsession) and would not at all shock me to find it is remotely exploitable... On Thu, 4 Feb 1999, Fyodor wrote:
Yesterday I asked if anyone wanted to volunteer to coordinate to create a global /etc/rpc. Lamong Granquist sent a big one, and ga <duncan () multimania org> and Vik Bajaj <vbajaj () sas upenn edu> are working on merging in more files. In particular, Vik writes:If anyone sends me email with "/etc/rpc" in the subject, it will now automatically get sorted/archived into a space-del. format. I'll manually keep track of what machines we have.So if anyone has an /etc/rpc to contribute, please send it to vbajaj () sas upenn edu with the subject "/etc/rpc". Cheers, Fyodor -- Fyodor 'finger pgp () www insecure org | pgp -fka' Frustrated by firewalls? Try nmap: http://www.insecure.org/nmap/ In a free and open marketplace, it would be surprising to have such an obviously flawed standard generate much enthusiasm outside of the criminal community. --Mitch Stone on Microsoft ActiveX
-- Lamont Granquist lamontg () raven genome washington edu Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344 Box 352145 / University of Washington / Seattle, WA 98195 PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
Current thread:
- RPC files Fyodor (Feb 04)
- Re: RPC files Lamont Granquist (Feb 04)
- RE: RPC files Job de Haas (Feb 04)
- <Possible follow-ups>
- Re: RPC files ga (Feb 05)
- Re: RPC files Lamont Granquist (Feb 04)