I've been reading about the vulnerabilities arising from the sunrpc server. Running
netstat -A inet --listening shows the following services:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:10024 *:* LISTEN
tcp 0 0 localhost:10025 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 localhost:smtp *:* LISTEN
udp 0 0 *:filenet-tms *:*
udp 0 0 *:bootpc *:*
udp 0 0 *:mdns *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:ipp *:*
I guess that the "*:*" under "Foreign Address" means that it is listening for connection requests from any other address. When I scan port 111 using
Shields Up!, it is shown to be stealthed (due to the firewall). However, I would feel more comfortable if it was listening only to localhost.
Is it possible to configure it to do this? Do I need it to be running at all?
Also, any comments on *:filenet-tms? This is listening on port 32768. Under "Trojan Sightings",
Shields Up! shows
Hacker's Paradise
Thanks,
Rob