LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 12-18-2002, 09:37 AM   #1
MrJoshua
Member
 
Registered: Apr 2002
Location: Houston Texas
Distribution: Debian / Gentoo / RHEL
Posts: 209

Rep: Reputation: 31
sunrpc port 111


I started probing my servers for holes, and open ports, and I found port 111 sunrpc port open on 2 of my server. Does anyone know what this is and what it does. If it is not neccesay how do you turn it off, I do not see it in inet.d services list.
 
Old 12-18-2002, 01:54 PM   #2
j-ray
Senior Member
 
Registered: Jan 2002
Location: germany
Distribution: ubuntu
Posts: 1,432

Rep: Reputation: 100Reputation: 100
there's a lot of info on the web for sun's rpc:
http://www.cs.arizona.edu/xkernel/ww...on3_19_32.html
cheers, jens
 
Old 12-18-2002, 02:25 PM   #3
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199Reputation: 199
If your not worrying about connecting to other machines on a network like with NFS, you don't necessarily need it running.
 
Old 12-19-2002, 10:21 AM   #4
MrJoshua
Member
 
Registered: Apr 2002
Location: Houston Texas
Distribution: Debian / Gentoo / RHEL
Posts: 209

Original Poster
Rep: Reputation: 31
That is kool, thanks guys but I decided after reading that I will be using some NFS so, I will just block that port at my firewall.
 
Old 12-20-2002, 03:47 AM   #5
Flibble
Member
 
Registered: Mar 2002
Distribution: Redhat 9.0, Debian, Knoppix, YellowDog
Posts: 142

Rep: Reputation: 15
The portmapper is only "directory enquiries" for RPC on your machine, i.e. it will tell a requesting program which port another RC service runs on. However, I can still find out which RPC programs are running by "dialling" all your port numbers and deducing what is running based on the output. Nessus does a fine job of that. It is therefore essential that you block all ports at your firewall that you do not explicitly want people to connect to. I have seen many a firewall configured to block portmapper that happily let me connect and exploit tooltalkd (as part of a legitimate pentest assignment I might add ;>).

Not suggesting that this is _your_ config, just adding info for anyone else reading the thread. ;>

Flibble
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
blocking port 111 wedgeworth Linux - Newbie 1 04-19-2004 01:56 PM
portsentry 111 port not binding saag Linux - Security 4 03-19-2004 09:40 AM
port 111 - firewall question taz76 Linux - Networking 5 04-04-2003 03:04 PM
scan port at 111 is open.... Qebex Linux - Security 5 09-21-2002 06:29 PM
Closing port 111 psyklops Linux - General 3 05-01-2002 12:53 AM


All times are GMT -5. The time now is 11:14 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration