GEN:SID 1:586
Message RPC portmap selection_svc request UDP
Summary This event is generated when an attempt is made through a portmap GETPORT request to discover the port where the Remote Procedure Call (RPC) selection_svc is listening.
Impact Information disclosure.  This request is used to discover which port selection_svc is using.  Attackers can also learn what versions of the selection_svc protocol are accepted by selection_svc.
Detailed Information The portmapper service registers all RPC services on UNIX hosts. It can be queried to determine the port where RPC services such as selection_svc run.  The selection_svc RPC service is used by SunView, an old windowing system from Sun.  A vulnerability exists in selection_svc that allows a remote user to read files that are readable by SunView.
Affected Systems Sun SunOS 3.5
Sun SunOS 4.0
Sun SunOS 4.0.1
Sun SunOS 4.0.2
Sun SunOS 4.0.3
Sun SunOS 4.1
Sun SunOS 4.1.1
Attack Scenarios An attacker can query the portmapper to discover the port where selection_svc runs.  This may be a precursor to accessing selection_svc.
Ease of Attack Simple.  
Corrective Action Limit remote access to RPC services.

Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.

Disable unneeded RPC services.
Additional References Bugtraq
http://www.securityfocus.com/bid/8

CERT
http://www.cert.org/advisories/CA-1990-05.html

Arachnids
http://www.whitehats.com/info/IDS25

Rule References arachnids: 25