[Plug-security] What's so interesting about port 111?
Craig White
craigwhite@azapple.com
Sun, 28 Jan 2001 17:43:25 -0700
JLF - you still have opnix in your mail headers
Craig
----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
- e-mail address ................ - CraigWhite@AzApple.com
- world wide web address ........ - http://www.AzApple.com
- e-mail my pager address ....... - 6023779752@airtouch.net
- cellular phone ................ - (602) 377-9752
- voice/facsimile ............... - (480) 945-8445
----:----|----:----|----:----|----:----|----:----|----:----|
> -----Original Message-----
> From: plug-security-admin@lists.plug.phoenix.az.us
> [mailto:plug-security-admin@lists.plug.phoenix.az.us]On Behalf Of
> J.L.Francois
> Sent: Friday, September 01, 2000 7:10 AM
> To: plug-security@lists.plug.phoenix.az.us
> Subject: Re: [Plug-security] What's so interesting about port 111?
>
>
> Good good good gooooood, port 111, servers never gave me any trouble
> till after port 99.......
> If you recognize the parody above you watched too much tv as a
> kid like I did.
>
> Ok. down to business:
> =====================
> sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
> sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
>
> To see it in action type:
> rpcinfo -p localhost
>
> Many a root exploit has been written about the weaknesses
> of RPC on port 111 for practically every UNIX including
> the one under the Sun[tm].
>
> Take your browser over to:
> Exploit World - http://insecure.org/sploits_all.html
>
> NOTE: The URL for Exploits covers a lot of info so I am
> also passing it on to 2 others that may want to review
> the URL that are not on this list.
>
> Who maintains the PLUG Security List?
> ( Please don't say it is me! )
>
> It seems like on Thu, Aug 31, 2000 at 11:56:23PM -0700,
> foodog@uswest.net scribbled:
> Orig Msg> Over the last 2 weeks or so I've had about 10 script
> Orig Msg> kiddies try to connect to my home firewall on TCP port 111.
> Orig Msg> I finally visited Packetstorm to see if something was just
> Orig Msg> released but nothing was obvious. Anyone know what the kidz
> Orig Msg> are up to?
> Orig Msg>
> Orig Msg> Just curious, and wondering if anyone ever _uses_ the
> Orig Msg> security list ;-)
> Orig Msg>
> Orig Msg> Steve
> Orig Msg> --
> Orig Msg> Carpe cerevisiae
>
> Jean Francois - JLF Sends...
> President & CEO - MagusNet, Inc., MagusNet.com, MagusNet.Gilbert.AZ.US
> Director Of Managed Services - OpNIX,Inc., www.opnix.com
> OpNIX - Simply Better Bandwidth
>
> _______________________________________________
> Plug-security mailing list - Plug-security@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-security