GEN:SID 1:1953
Message RPC AMD TCP pid request
Summary This event is generated when a request is made to discover the Process ID (PID) of the Remote Procedure Call (RPC) amd.
Impact Information disclosure.  This request can allow an attacker to discover the PID associated with amd.
Detailed Information The amd RPC service implements the automounter daemon on UNIX hosts.  The amd service automatically mounts and unmounts requested file systems.  An attacker can make a request to amd to discover its PID.  Learning the PID may help an attacker guess a range of likely PIDs associated with other running services that are either started before or after amd.  This may facilitate an attack against other running processes.  
Affected Systems Any system running amd.
Attack Scenarios An attacker may request the PID associated with amd.  This information may be used to attack other running processes if the attacker has some means of access to the target host.
Ease of Attack Simple. Execute the command 'amq -p -T -h hostname/IP'.
  
Corrective Action Limit remote access to RPC services.

Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.

Disable unneeded RPC services.
Additional References