Operating Systems AIX Rpcbind Listening on a Non-Standard Port Post 302973432 by bakunin on Tuesday 17th of May 2016 04:45:31 PM
Quote:
Originally Posted by system.engineer
Below is one of the vulnerabilities from my security team,

Code:
Solution:
========
 
Fix Solaris rpcbind filter evasion


Code:
[root@testlpar]/tmp>lsof -i :111 | grep LISTEN
portmap 7995500 root    3u  IPv6 0xf1000e0000045455b      0t0  TCP *:sunrpc (LISTEN)

From the above information, we can see that portmapper is listening on port "111", not the non-standard port "327xx".

oslevel is "7100-03-01-1341"
OK.

Quote:
Originally Posted by system.engineer
Can you please help me understand the cause of the issue and how we can avoid this in the future.

Gladly so: fire your security team for proven incompetence.

First: there is a - very small, but subtle - difference between IPv6 and IPv4. It might be hard to grasp for a security person, but let me assure you: there is.

Second: there is a similar subtle and small difference between SunOS and AIX.

Third: this "filter evasion" is horse manure. A firewall worth its name will look at any ports, not just specific ones, anyway. The difference between "well-known services" (ports below 1024) and other ports is that you have to be root to open a WKS port. There is nothing specifically problematic about using other ports at all. So, even if assuming their observation would have been correct - which it wasn't, see below - there would be no "security problem" per se, at best the problem of a bad (or badly configured) firewall. Inside a non-firewalled network it is completely bogus.

Fourth: your rpcbind process listens on exactly the right port: 111, as you have shown beyond doubt.

Fifth: you might have a real problem, which is less security-related than robustness-related. You (seem to) use UDP, which lacks - contrary to TCP - flow control. In the past the upside of this (slightly more throughput) was very significant because networks had limited bandwidth (I talk about classic 10 Mbit Ethernet here), but since bandwidth is almost as high as you want it to be, the downside - missing flow control - in recent years outweighs this by far, which is why the most common reason to use remote procedure calls at all - NFS - turned to use TCP by default (UDP optional) in NFSv3 and TCP-only (NFSv4).

If you do not use NFS (or r-commands, but then you'd have bigger problems than strange port numbers) you might probably as well disable rpcbind altogether because the system might not use it anyways. (This you will have to check with your real system, it is just conjecture.)

I hope this helps.

bakunin

PS: you might update to the latest TL (6) from your TL-1-system, which would do a lot to enhance some problematic parts. It would do more for your security than tampering with rpcbind.
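
Added example, not part of bakunin's post or the original thread: the quoted `lsof -i :111 | grep LISTEN` check only shows TCP listeners on port 111, so it says nothing about UDP sockets or other ports held by the same process. This sketch classifies every portmap/rpcbind socket from `lsof -i -n -P` output. The function names and all sample lines (PIDs, device values, addresses and the 32770 port) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify rpcbind/portmap sockets from `lsof -i -n -P` output.

# Constructed sample, modelled on the lsof line quoted in the thread.
sample_lsof() {
cat <<'EOF'
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
portmap 7995500 root    3u  IPv6 0xf1000e0000aaaa001      0t0  TCP *:111 (LISTEN)
portmap 7995500 root    4u  IPv4 0xf1000e0000aaaa002      0t0  UDP *:111
portmap 7995500 root    5u  IPv4 0xf1000e0000aaaa003      0t0  UDP *:32770
sshd    4129010 root    3u  IPv4 0xf1000e0000aaaa004      0t0  TCP *:22 (LISTEN)
portmap 7995500 root    6u  IPv4 0xf1000e0000aaaa005      0t0  TCP 10.0.0.5:111->10.0.0.9:1021 (ESTABLISHED)
EOF
}

# Reads lsof -i -n -P output on stdin and prints "PROTO PORT VERDICT" for each
# socket owned by portmap/rpcbind. TCP rows count only in LISTEN state; UDP
# sockets carry no state column, so every UDP row is reported.
rpcbind_sockets() {
  awk '
    $1 != "portmap" && $1 != "rpcbind" { next }
    $8 != "TCP" && $8 != "UDP"         { next }
    $8 == "TCP" && $10 != "(LISTEN)"   { next }
    {
      n = split($9, part, ":")   # port follows the last colon (IPv6-safe)
      port = part[n]
      verdict = (port == "111") ? "standard" : "non-standard"
      print $8, port, verdict
    }'
}

# Counts rpcbind sockets bound to a port other than 111 (prints 0 if none).
count_nonstandard() {
  rpcbind_sockets | awk '$3 == "non-standard" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a real host: lsof -i -n -P | rpcbind_sockets
sample_lsof | rpcbind_sockets
```

A "non-standard" row here only says that the process holds a socket on another port; whether that matters depends on the firewall and network, as the post argues.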