GEN:SID | 1:1960 |
Message | RPC portmap NFS request TCP |
Summary | This event is generated when an attempt is made through a portmap GETPORT request to discover the port where the Remote Procedure Call (RPC) nfsd is listening.
|
Impact | Information disclosure. This request is used to discover which port nfsd is using. Attackers can also learn what versions of the nfsd protocol are accepted by nfsd.
|
Detailed Information | The portmapper service registers all RPC services on UNIX hosts. It can be queried to determine the port where RPC services such as nfsd run. The nfsd RPC service starts the Network File System (NFS) server daemon that handles file system requests from clients. Once a client mounts an NFS file system, the nfsd daemon handles access to the mount point and associated directories. Several vulnerabilities are associated with nfsd.
|
Affected Systems | All hosts running the UNIX portmapper.
|
Attack Scenarios | An attacker can query the portmapper to discover the port where nfsd runs. This may be a precursor to accessing nfsd.
|
Ease of Attack | Easy.
|
Corrective Action | Limit remote access to RPC services.
Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.
Disable unneeded RPC services.
|
Additional References | |