[Plug-security] What's so interesting about port 111?

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: J.L.Francoisfrenchie@magusnet.gilbert.az.us
Date:  
Subject: [Plug-security] What's so interesting about port 111?
Good good good gooooood, port 111, servers never gave me any trouble
till after port 99.......
If you recognize the parody above you watched too much tv as a kid like I did.

Ok. down to business:
=====================
sunrpc    111/tcp      portmapper    # RPC 4.0 portmapper TCP
sunrpc    111/udp      portmapper    # RPC 4.0 portmapper UDP


To see it in action type:
rpcinfo -p localhost

Many a root exploit has been written about the weknesses
of RPC on port 111 for practically every UNIX including
the one under the Sun[tm].

Take your browser over to:
Exploit World - http://insecure.org/sploits_all.html

NOTE: The URL for Exploits covers a lot of info so I am
      also passing it on to 2 others that may want to review 
      the URL that are not on this list.


Who maintains the PLUG Security List?
( Please don't say it is me! )

It seems like on Thu, Aug 31, 2000 at 11:56:23PM -0700, scribbled:
Orig Msg> Over the last 2 weeks or so I've had about 10 script
Orig Msg> kiddies try to connect to my home firewall on TCP port 111.
Orig Msg> I finally visited Packetstorm to see if something was just
Orig Msg> released but nothing was obvious. Anyone know what the kidz
Orig Msg> are up to?
Orig Msg>
Orig Msg> Just curious, and wondering if anyone ever _uses_ the
Orig Msg> security list ;-)
Orig Msg>
Orig Msg> Steve
Orig Msg> --
Orig Msg> Carpe cerevisiae
Orig Msg>
Orig Msg> _______________________________________________

Jean Francois - JLF Sends...
President & CEO - MagusNet, Inc., MagusNet.com, MagusNet.Gilbert.AZ.US
Director Of Managed Services - OpNIX,Inc., www.opnix.com
OpNIX - Simply Better Bandwidth