Nmap Announce mailing list archives

Re: RPC files


From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Thu, 4 Feb 1999 17:49:47 -0800


I thought I'd post this as an example of how to track down an errant RPC
service for which no /etc/rpc entry exists:

% rpcinfo -p localhost
   program vers proto   port
[..]
1342177279    3   tcp   1027
1342177279    1   tcp   1027
% lsof | egrep "inet " | egrep 1027 | egrep LISTEN
ttsession   573      pg    4u  inet 0x2947bf00                0t0     TCP *:1027 (LISTEN)


So, 1342177279 == ttsession.  It is part of CDE (/usr/bin/dt/ttsession)
and it would not at all shock me to find it is remotely exploitable...

On Thu, 4 Feb 1999, Fyodor wrote:
Yesterday I asked if anyone wanted to volunteer to coordinate to create a
global /etc/rpc.  Lamont Granquist sent a big one, and ga
<duncan () multimania org> and Vik Bajaj <vbajaj () sas upenn edu> are working
on merging in more files.  In particular, Vik writes:

If anyone sends me email with "/etc/rpc" in the subject, it will now
automatically get sorted/archived into a space-del. format.  I'll
manually keep track of what machines we have.

So if anyone has an /etc/rpc to contribute, please send it to
vbajaj () sas upenn edu with the subject "/etc/rpc".

Cheers,
Fyodor

--
Fyodor                            'finger pgp () www insecure org | pgp -fka'
Frustrated by firewalls?          Try nmap: http://www.insecure.org/nmap/
In a free and open marketplace, it would be surprising to have such an
obviously flawed standard generate much enthusiasm outside of the criminal
community.  --Mitch Stone on Microsoft ActiveX



-- 
Lamont Granquist                       lamontg () raven genome washington edu
Dept. of Molecular Biotechnology       (206)616-5735  fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
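
The lookup described in the message above, as an added shell example that is not part of the original post: it lists every RPC registration that has no service name and joins it to the owning process by port. The function names and the sample text (the portmapper/rpcbind rows and the lsof header) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input, modelled on the output quoted in the post.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
1342177279    3   tcp   1027
1342177279    1   tcp   1027'

SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
rpcbind   120 root    4u  inet 0x2947aa00      0t0  TCP *:111 (LISTEN)
ttsession 573   pg    4u  inet 0x2947bf00      0t0  TCP *:1027 (LISTEN)'

# Read "rpcinfo -p" text on stdin; print "program proto port" once for each
# registration that has no name column (no /etc/rpc entry). The header and
# "[..]"-style lines are skipped because field 1 must be numeric.
unnamed_rpc() {
    awk '$1 ~ /^[0-9]+$/ && NF == 4 {
             k = $1 " " $3 " " $4
             if (!(k in seen)) { seen[k] = 1; print k }
         }'
}

# map_rpc RPCINFO_TEXT LSOF_TEXT
# Print "program proto port command pid" for each unnamed registration,
# or "unidentified -" when no socket in the lsof text matches the port.
map_rpc() {
    printf '%s\n' "$1" | unnamed_rpc | while read -r prog proto port; do
        owner=$(printf '%s\n' "$2" | awk -v port="$port" -v proto="$proto" '
            { for (i = 1; i < NF; i++)
                  if ($i == toupper(proto) && $(i + 1) ~ (":" port "$") &&
                      (proto == "udp" || $NF == "(LISTEN)")) {
                      print $1, $2; exit
                  } }')
        [ -n "$owner" ] || owner="unidentified -"
        printf '%s %s %s %s\n' "$prog" "$proto" "$port" "$owner"
    done
}

# Offline run against the constructed samples.
# On a live host: map_rpc "$(rpcinfo -p localhost)" "$(lsof -i -n -P)"
# (-n and -P keep addresses and ports numeric so the port comparison works).
map_rpc "$SAMPLE_RPCINFO" "$SAMPLE_LSOF"
```

An "unidentified" result usually means lsof was run without the privileges needed to see another user's sockets.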


