I was trying to find information about the rpcbind issue below and how I can fix it so that it won't happen again.
Below is one of the vulnerabilities from my security team:
This is what I can see from the LPAR:
From the above information, we can see that portmapper is listening on port "111", not on non-standard port "327xx".
oslevel is "7100-03-01-1341"
I'm not sure how they found the above vulnerability in scanning. Can you please help me understand the cause of the issue and how we can avoid this in future?
OK.
Quote:
Originally Posted by system.engineer
Can you please help me understand the cause of the issue and how we can avoid this in future?
Gladly so: fire your security team for proven incompetence.
First: there is a - very small, but subtle - difference between IPv6 and IPv4. It might be hard to grasp for a security person, but let me assure you: there is.
Second: there is a similar subtle and small difference between SunOS and AIX.
Third: this "filter evasion" is horse manure. A firewall worth its name will look at any ports, not just specific ones, anyway. The difference between "well-known services" (ports below 1024) and other ports is that you have to be root to open a WKS port. There is nothing specifically problematic about using other ports at all. So, even assuming their observation had been correct - which it wasn't, see below - there would be no "security problem" per se, at best the problem of a bad (or badly configured) firewall. Inside a non-firewalled network it is completely bogus.
Fourth: your rpcbind process listens on exactly the right port: 111, as you have shown beyond doubt.
Fifth: you might have a real problem, which is less security-related than robustness-related. You (seem to) use UDP, which lacks - contrary to TCP - flow control. In the past the upside of this (slightly more throughput) was very significant because networks had limited bandwidth (I am talking about classic 10Mbit Ethernet here), but since bandwidth is now almost as high as you want it to be, the downside - missing flow control - has in recent years outweighed this by far, which is why the most common reason to use remote procedure calls at all - NFS - turned to use TCP by default (UDP optional) in NFSv3 and TCP-only (NFSv4).
If you do not use NFS (or r-commands, but then you'd have bigger problems than strange port numbers) you might probably as well disable rpcbind altogether because the system might not use it anyways. (This you will have to check with your real system, it is just conjecture.)
I hope this helps.
bakunin
PS: you might update to the latest TL (6) from your TL-1-system, which would do a lot to enhance some problematic parts. It would do more for your security than tampering with rpcbind.
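Added example, not part of the posts above: a shell function that audits `rpcinfo -p` output for the points raised in this reply, namely whether portmapper (RPC program 100000) is registered anywhere other than port 111, which other RPC services are registered over UDP, and whether anything besides portmapper is registered at all. The sample output is constructed, and the function and finding names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample data is constructed, not taken from the thread.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32781  status
    100024    1   tcp  32769  status
EOF
}

# audit_rpcinfo (hypothetical name): reads `rpcinfo -p` output on stdin
# and prints one finding per line.
audit_rpcinfo() {
  awk '
    $1 == "program" { next }            # header line
    NF < 4          { next }            # blank or malformed line
    $1 == 100000 {                      # portmapper / rpcbind itself
      if ($4 != 111) print "PORTMAPPER_OFF_111 " $3 "/" $4
      next
    }
    {                                   # any other registered RPC program
      others++
      if ($3 == "udp") print "UDP_SERVICE " $1 " " $3 "/" $4 " " $5
    }
    END {
      if (others == 0) print "NO_OTHER_RPC_SERVICES"
      else             print "OTHER_RPC_REGISTRATIONS " others
    }'
}

# On a live host: rpcinfo -p | audit_rpcinfo
sample_rpcinfo | audit_rpcinfo
```

A `NO_OTHER_RPC_SERVICES` result only says that nothing is registered with rpcbind at the moment of the check; whether the service can be disabled still has to be confirmed on the real system.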
There is at least one piece of software, well known in the enterprise world, which has, AFAIR, its own RPC implementation. And agents of this s.....oftware on AIX like using ports like 32xxx for the RPC server. But it seems that you don't have it.