Snort mailing list archives
Re: rpc.statd
From: LEFEVRE David <David.LEFEVRE () cardif fr>
Date: Wed, 06 Jun 2001 09:44:42 +0200
You should look for the Cybercop or Nessus security scanning tool. I use it to improve the security of my net; it runs well. It also has an "nmap plugin".

For example:

Vulnerability found on port unknown (669/tcp)

The remote statd service could be brought down with a format string attack - it now needs to be restarted manually. This means that an attacker may execute arbitrary code thanks to a bug in this daemon.

Solution : upgrade to the latest version of rpc.statd
Risk factor : High
see CVE : CVE-2000-0666 (http://cgi.nessus.org/cve.php3?cve=CVE-2000-0666)

Best regards,
David

skop d'skop wrote:
hi guys, come across this alert lately for my network

[**] IDS10 - RPC - portmap-request-rstatd [**]
May 30 11:25:15 A.B.C.80:3348 -> X.Y.Z.9:111 SYN ******S*
May 30 11:25:16 A.B.C.80:726 -> X.Y.Z.9:111 UDP
May 20 11:25:15 A.B.C.80:3351 -> X.Y.Z.12:111 SYN ******S*
May 20 11:25:15 A.B.C.80:3352 -> X.Y.Z.13:111 SYN ******S*
May 20 11:25:16 208.131.80.80:727 -> X.Y.Z.13:111 UDP

and I'm wondering what kind of scanning / tool triggers this alert. I've done with #rpcinfo -p hostname and #nmap -sU -sR hostname, yet no similar output.

-skop
--
David LEFEVRE
CARDIF - Architecture et Sécurité Opérationnelle
david.lefevre () cardif fr - Tél : 01 41 42 76 63
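
A triage helper for alert lines in the format quoted in this thread, added here as an example and not part of either post: it groups port-111 probes by source address, listing the hosts each source touched, which hosts received both a TCP SYN and a UDP datagram, and how many UDP probes came from a source port below 1024. The sample lines, the `summarize` function and the three-host sweep threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the same line format as the alert quoted above;
# addresses are documentation ranges, not values from the post.
SAMPLE = """\
May 30 11:25:15 192.0.2.80:3348 -> 198.51.100.9:111 SYN ******S*
May 30 11:25:16 192.0.2.80:726 -> 198.51.100.9:111 UDP
May 30 11:25:15 192.0.2.80:3351 -> 198.51.100.12:111 SYN ******S*
May 30 11:25:15 192.0.2.80:3352 -> 198.51.100.13:111 SYN ******S*
May 30 11:25:16 192.0.2.80:727 -> 198.51.100.13:111 UDP
May 30 11:40:02 192.0.2.33:40112 -> 198.51.100.9:111 UDP
"""

LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>SYN|UDP)\b")

def summarize(text, min_targets=3):
    """Group portmapper (port 111) probes by source address.

    min_targets is an assumed threshold for calling a source a sweep.
    """
    protos = defaultdict(lambda: defaultdict(set))  # src -> dst -> protocols
    low_udp = defaultdict(int)      # src -> UDP probes sent from port < 1024
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["dport"] != "111":
            continue                # skip headers and non-portmapper lines
        protos[m["src"]][m["dst"]].add(m["proto"])
        if m["proto"] == "UDP" and int(m["sport"]) < 1024:
            low_udp[m["src"]] += 1
    by_ip = ipaddress.ip_address    # sort addresses numerically
    report = {}
    for src, dsts in protos.items():
        report[src] = {
            "targets": sorted(dsts, key=by_ip),
            # hosts that received both a TCP SYN and a UDP datagram on 111
            "tcp_and_udp": sorted((d for d, p in dsts.items()
                                   if p == {"SYN", "UDP"}), key=by_ip),
            "low_port_udp": low_udp[src],
            "sweep": len(dsts) >= min_targets,
        }
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```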