Hi,
I've found this sometimes-rpc after doing nmap scanning
Code:
Starting Nmap 4.20 ( http://insecure.org ) at 2010-05-19 15:33 GMT+7
Interesting ports on 10.10.100.134:
Not shown: 1692 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
32776/tcp open sometimes-rpc15
32778/tcp open sometimes-rpc19
32779/tcp open sometimes-rpc21
how to disable those ports? I listed the services using
svcs -a | grep rpc
Code:
#svcs -a | grep rpc
disabled Oct_26 svc:/network/rpc/keyserv:default
disabled Oct_26 svc:/network/rpc/nisplus:default
disabled Oct_26 svc:/network/rpc/bootparams:default
disabled Oct_26 svc:/network/rpc/mdcomm:default
disabled Oct_26 svc:/network/rpc/metamed:default
disabled Oct_26 svc:/network/rpc/metamh:default
disabled Oct_26 svc:/network/rpc/ocfserv:default
disabled Oct_26 svc:/network/rpc/rex:default
disabled Oct_26 svc:/network/rpc/spray:default
disabled Oct_26 svc:/network/rpc/wall:default
disabled 14:38:45 svc:/network/rpc/bind:default
disabled 15:01:36 svc:/network/rpc-100235_1/rpc_ticotsord:default
disabled 15:04:26 svc:/network/rpc/meta:default
disabled 15:22:25 svc:/network/rpc/cde-calendar-manager:default
offline 14:38:45 svc:/network/rpc/gss:default
offline 14:38:45 svc:/network/rpc/rstat:default
offline 14:38:45 svc:/network/rpc/cde-ttdbserver:tcp
offline 14:38:45 svc:/network/rpc/smserver:default
offline 14:38:45 svc:/network/rpc/rusers:default
All the rpcs were already disabled or offline. So what are currently using those ports actually?
I also using lsof :
#lsof | grep 3277
to find out the application using the ports, but it returned nothing.
Please help.
I'm using SPARC Solaris 10.
Thanks.
