RPC TCP port probe - Internet Security Systems

RPC TCP port probe

advICE : Intrusions : 2003016
Summary

An intruder has attempted to access the Sun RPC (rpcbind, portmapper) service on your system. This probably happened during a sweep of millions of machines on the Internet, and is probably not targeting your computer in particular.

Details

RPC (Remote Procedure Call) is a networking technology developed by Sun Microsystems. It is used on most UNIX machines, and is a popular way of building networked applications. (Almost no Windows computers run this form of RPC.)

Its popularity translates into lots of programs that may have holes. Scanning for RPC is the first stage in looking for those particular programs. If you had been running RPC on your system, then the next step the intruder would take would be an RPC portmapper dump, which would list all the RPC programs on your machine and tell the intruder if there are any he/she can exploit (use to break into your system).

Note: September, 1999

During this time, we have seen a dramatic rise in the number of scans for this port. This is due to the rpc.cmsd overflow exploit. A vulnerability has been discovered in this RPC service, so hackers are scouring the Internet looking for this service so they can exploit it to break into the system.
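To see what a portmapper dump of your own UNIX host lists, and whether rpc.cmsd is among the registered programs, the following added example (not part of the original advICE page) classifies `rpcinfo -p` output. The function names and the sample dump are constructed for illustration; 100068 is the RPC program number registered by rpc.cmsd.

```shell
#!/bin/sh
# Added example: classify the entries of a portmapper dump of your own host.
CMSD_PROG=100068   # RPC program number registered by rpc.cmsd

# Reads `rpcinfo -p` output on stdin, prints one finding per program/transport.
audit_rpc_dump() {
    awk -v cmsd="$CMSD_PROG" '
        $1 !~ /^[0-9]+$/ { next }            # skip the header and error text
        {
            name = (NF >= 5) ? $5 : "-"      # service name column may be empty
            key = $1 "/" $3 "/" $4
            if (seen[key]++) next            # one line per program, not per version
            if ($1 == 100000)    print "PORTMAPPER " $3 "/" $4
            else if ($1 == cmsd) print "CMSD " $3 "/" $4
            else                 print "OTHER " $1 " " name " " $3 "/" $4
        }'
}

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_dump() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100068    4   udp  32772  cmsd
    100068    5   udp  32772  cmsd
    100024    1   tcp  32771  status
EOF
}

# Live use on the local machine; prints nothing if no portmapper answers.
audit_local() {
    rpcinfo -p localhost 2>/dev/null | audit_rpc_dump
}

sample_dump | audit_rpc_dump
```

On a real host, call `audit_local`; a `CMSD` line means the service these scans are looking for is registered there, and an empty result means no portmapper answered.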

Is this serious?

For Windows users, this is not serious at all. The hacker is just scanning computers looking for a UNIX system they can exploit.

More information

TCP port probe
    This section describes more about the symptom of somebody probing ports on your system.
advICE: rpc.cmsd overflow
    One of the more popular exploits against RPC-based systems.
advICE: Remote Procedure Call
    More about RPC, the applications it supports, and the vulnerabilities these applications have.

Parametric information

port
    This indicates the TCP port that was probed.
reason
    The reason for the port probe.
    Firewalled: the incoming TCP SYN or UDP frame was stopped by the firewall.
    RSTsent: the incoming TCP SYN frame was rejected by the computer.
    ICMPsent: the incoming UDP frame was rejected by the computer.
    NOanswer: there was no response to the incoming SYN frame.

 
Version appeared: 1.8.5.5 
