GEN:SID 1:1275
Message RPC portmap yppasswd request TCP
Summary This event is generated when an attempt is made through a portmap GETPORT request to discover the port where the Remote Procedure Call (RPC) yppasswd is listening.

Impact Information disclosure.  This request is used to discover which port yppasswd is using.  Attackers can also learn what versions of the yppasswd protocol are accepted by yppasswd.
Detailed Information The portmapper service registers all RPC services on UNIX hosts. It can be queried to determine the port where RPC services such as yppasswd run.  The yppasswd RPC service handles password change requests from the program yppasswd.  This program is used to change a user password in Network Information Service (NIS) environments where a centralized database exists to distribute passwords throughout a network.  Multiple vulnerabilities are associated with the yppasswd RPC program.
Affected Systems All hosts running the UNIX portmapper.
Attack Scenarios An attacker can query the portmapper to discover the port where yppasswd runs.  This may be a precursor to querying yppasswd for usage statistics.
Ease of Attack Easy.  
Corrective Action Limit remote access to RPC services.

Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.

Disable unneeded RPC services.
Additional References Arachnids:
http://www.whitehats.com/info/IDS14

Rule References arachnids: 14