[14] in Security FYI


Notice of campus RPC security scan

daemon@ATHENA.MIT.EDU (Bob Mahoney)
Wed Aug 11 11:51:37 1999

Mime-Version: 1.0
Message-Id: <v04210102b3d74c050715@[18.177.0.98]>
Date: Wed, 11 Aug 1999 11:53:31 -0400
To: security-fyi@mit.edu, net-defense@mit.edu
From: Bob Mahoney <bobmah@MIT.EDU>
Cc: security-internal@mit.edu

-----BEGIN PGP SIGNED MESSAGE-----

MIT Information Systems will be conducting a series of brief security
scans over the next two days.  The Network Security team will be
scanning all MIT networks for the RPC vulnerabilities that are the
focus of numerous recent breakin attempts, as described at

http://www.cert.org/incident_notes/IN-99-04.html

These are the rpc.cmsd, rpc.statd, and rpc.ttdbserverd
vulnerabilities, each of which occurs in an RPC (Remote Procedure Call)
service on Solaris systems and some other Unix systems.  Each
vulnerability allows an intruder to gain remote root access without a
password or other authentication.

You may find that system logs or security software indicates that both
tcp and udp data has been sent to your machine(s), with the port
number 111 and other port numbers assigned by the rpcbind (or portmap)
program on your computer.  You may also see log entries looking
something like:

rpc.cmsd: connect from is-security-scan-1.mit.edu

Assuming that the source of these scans is is-security-scan-1.mit.edu
(or is-security-scan-2.mit.edu, is-security-scan-3.mit.edu, etc.) or
security.mit.edu, it is a legitimate security survey.  This scanning
should not be cause for alarm.  The intent is to identify systems with
a security vulnerability in an RPC service.  (See the above
IN-99-04.html web page for information.)  If you have concerns about
this process, please send e-mail to net-security@mit.edu.

We will be contacting owners of affected machines with advice on how
to eliminate this set of vulnerabilities.

We hope to continue to extend the scope of our vulnerability scanning,
in order to gather better information about which machine owners we
should contact with which vulnerability reports, and thereby help in
reducing the incidence of machine breakins at MIT.

- -Bob Mahoney, for the Network Security team


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

-----END PGP SIGNATURE-----
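
The log check the notice describes, as an added example that is not part of the original message: it separates "connect from" entries for the three named RPC services into announced-scan sources and everything else. The optional syslog prefix and `[pid]`, the numeric-suffix pattern behind the notice's "etc.", and all sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# The three services named in the notice.
RPC_SERVICES = {"rpc.cmsd", "rpc.statd", "rpc.ttdbserverd"}

# Scanner hosts named in the notice. It says "etc." for the numbered hosts,
# so accepting any positive integer suffix is an assumption.
SCANNER_RE = re.compile(
    r"(?:is-security-scan-[1-9][0-9]*|security)\.mit\.edu\.?", re.I)

# "service: connect from host", the shape shown in the notice; the syslog
# prefix and [pid] are assumed and optional.
LINE_RE = re.compile(
    r"(?:^|\s)(?P<svc>rpc\.[a-z]+)(?:\[\d+\])?: connect from (?P<src>\S+)\s*$")

def classify(line):
    """Return (service, source, verdict), or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m or m.group("svc") not in RPC_SERVICES:
        return None
    src = m.group("src")
    # fullmatch, not search: a name that merely contains a scanner hostname
    # must not pass. A logged name is whatever the logger resolved, so a
    # match here is a first filter, not proof of origin.
    verdict = "announced-scan" if SCANNER_RE.fullmatch(src) else "investigate"
    return m.group("svc"), src, verdict

def triage(lines):
    """Return (entries to investigate, verdict counts) for RPC log lines."""
    hits = [c for c in map(classify, lines) if c]
    return [h for h in hits if h[2] == "investigate"], Counter(h[2] for h in hits)

# Constructed sample lines (not real log data).
SAMPLE_LOG = [
    "Aug 11 12:01:07 myhost rpc.cmsd[412]: connect from is-security-scan-1.mit.edu",
    "Aug 11 12:01:09 myhost rpc.statd[133]: connect from security.mit.edu",
    "Aug 11 12:03:44 myhost rpc.ttdbserverd[415]: connect from is-security-scan-2.mit.edu.example.net",
    "Aug 11 12:05:10 myhost rpc.cmsd[412]: connect from 192.0.2.7",
    "Aug 11 12:06:00 myhost sshd[99]: connect from 192.0.2.7",
    "rpc.cmsd: connect from is-security-scan-1.mit.edu",
]

if __name__ == "__main__":
    flagged, counts = triage(SAMPLE_LOG)
    print(dict(counts))
    for svc, src, _ in flagged:
        print(f"investigate: {svc} connection from {src}")
```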
