[Snort-users] Help! RPC Port 111

T.Ferris tommy at ...3366...
Thu Sep 27 18:09:02 EDT 2001


Ok,

I am running Snort IDS on Mandrake 8.0.  I just received this alert below.


[**] [1:583:1] RPC portmap request rstatd [**]
[Classification: Attempted Information Leak] [Priority: 3]
09/27-05:51:47.239050 216.56.21.X873 -> 192.168.1.100:111
UDP TTL:47 TOS:0x0 ID:44461 IpLen:20 DgmLen:84
Len: 64
[Xref => http://www.whitehats.com/info/IDS10]

[**] [1:1282:1] RPC EXPLOIT statdx [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 10]
09/27-05:51:47.414408 216.56.21.X:874 -> 192.168.1.100:1024
UDP TTL:47 TOS:0x0 ID:44578 IpLen:20 DgmLen:1104
Len: 1084
[Xref => http://www.whitehats.com/info/IDS442]

I dont even know if he got root on my box or not.  How can I close RPC Port 
111?

Thanks in Advance.

-Tom




More information about the Snort-users mailing list