GEN:SID 1:1265
Message RPC portmap cmsd request TCP
Summary This event is generated when an attempt is made through a portmap GETPORT request to discover the port where the Remote Procedure Call (RPC) cmsd is listening.
Impact Information disclosure.  This request is used to discover which port cmsd is using.  Attackers can also learn what versions of the cmsd protocol are accepted by cmsd.
Detailed Information The portmapper service registers all RPC services on UNIX hosts. It can be queried to determine the port where RPC services such as cmsd run.  The cmsd RPC service implements the Calendar Manager Service daemon that is often distributed with the Common Desktop Environment (CDE) and OpenWindows.  Several buffer overflow vulnerabilities have been associated with cmsd.
Affected Systems Any host running the RPC service cmsd.
Attack Scenarios An attacker can query the portmapper to discover the port where cmsd runs.  This may be a precursor to accessing cmsd.
Ease of Attack Simple.  
Corrective Action Limit remote access to RPC services.

Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.

Disable unneeded RPC services.
Additional References Arachnids
http://www.whitehats.com/info/IDS17

Rule References arachnids: 17