I started probing my servers for holes, and open ports, and I found port 111 sunrpc port open on 2 of my server. Does anyone know what this is and what it does. If it is not neccesay how do you turn it off, I do not see it in inet.d services list.

there's a lot of info on the web for sun's rpc:
http://www.cs.arizona.edu/xkernel/ww...on3_19_32.html
cheers, jens

If your not worrying about connecting to other machines on a network like with NFS, you don't necessarily need it running.

That is kool, thanks guys but I decided after reading that I will be using some NFS so, I will just block that port at my firewall.

The portmapper is only "directory enquiries" for RPC on your machine, i.e. it will tell a requesting program which port another RC service runs on. However, I can still find out which RPC programs are running by "dialling" all your port numbers and deducing what is running based on the output. Nessus does a fine job of that. It is therefore essential that you block all ports at your firewall that you do not explicitly want people to connect to. I have seen many a firewall configured to block portmapper that happily let me connect and exploit tooltalkd (as part of a legitimate pentest assignment I might add ;>).

Not suggesting that this is _your_ config, just adding info for anyone else reading the thread. ;>

Flibble