[Plug-security] What's so interesting about port 111?

J.L.Francois frenchie@magusnet.gilbert.az.us
Fri, 1 Sep 2000 07:09:56 -0700


Good good good gooooood, port 111, servers never gave me any trouble
till after port 99.......
If you recognize the parody above you watched too much tv as a kid like I did.

Ok. down to business:
=====================
sunrpc	111/tcp	  portmapper	# RPC 4.0 portmapper TCP
sunrpc	111/udp	  portmapper	# RPC 4.0 portmapper UDP

To see it in action type:
rpcinfo -p localhost

Many a root exploit has been written about the weknesses
of RPC on port 111 for practically every UNIX including
the one under the Sun[tm].

Take your browser over to:
Exploit World - http://insecure.org/sploits_all.html

NOTE: The URL for Exploits covers a lot of info so I am
      also passing it on to 2 others that may want to review 
      the URL that are not on this list.

Who maintains the PLUG Security List?
( Please don't say it is me! )

It seems like on Thu, Aug 31, 2000 at 11:56:23PM -0700, foodog@uswest.net scribbled:
Orig Msg>   Over the last 2 weeks or so I've had about 10 script
Orig Msg> kiddies try to connect to my home firewall on TCP port 111. 
Orig Msg> I finally visited Packetstorm to see if something was just
Orig Msg> released but nothing was obvious.  Anyone know what the kidz
Orig Msg> are up to?  
Orig Msg> 
Orig Msg> Just curious, and wondering if anyone ever _uses_ the
Orig Msg> security list ;-)
Orig Msg> 
Orig Msg> Steve
Orig Msg> -- 
Orig Msg> Carpe cerevisiae
Orig Msg> 
Orig Msg> _______________________________________________

Jean Francois - JLF Sends...
President & CEO - MagusNet, Inc., MagusNet.com, MagusNet.Gilbert.AZ.US
Director Of Managed Services - OpNIX,Inc., www.opnix.com
OpNIX - Simply Better Bandwidth