[1468] in bugtraq
Re: Replacement for NIS? (was Re: Obtaining NIS domainname from Gatorbox)
daemon@ATHENA.MIT.EDU (Timothy Newsham)
Fri Apr 14 04:57:32 1995
From: newsham@aloha.net (Timothy Newsham)
To: mouse@Collatz.McRCIM.McGill.EDU (der Mouse)
Date: Thu, 13 Apr 1995 12:59:40 -1000 (HST)
Cc: bugtraq@fc.net
In-Reply-To: <199504122303.TAA12299@Collatz.McRCIM.McGill.EDU> from "der Mouse" at Apr 12, 95 07:03:32 pm
> Yes. Blocking port 111 is not enough; it is far too easy to just fire
> NIS requests at every port number in the appropriate range - there are
> only a few thousand of them. If you're running a mostly stock setup,
> one can almost predict the port NIS will use a priori.

It's very easy to scan for services using RPC since they respond
in a uniform manner to RPC formatted packets that you send
to them. You can scan a large range of UDP ports in a relatively
small amount of time. The RPC daemon will also respond in
a particular way if you give it the right program number so
you can go through a list of well-known program numbers and
determine which service is on a port once you know a port
is talking RPC.

> der Mouse
> mouse@collatz.mcrcim.mcgill.edu
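
Added example, not part of the original message or thread: because RPC calls share one fixed header layout, a monitor can recognise them on any UDP port and flag a source that sends them to many ports other than 111. The threshold, function names and sample packets are assumptions constructed for illustration; the header layout is the ONC RPC version 2 call header.

```python
import struct
from collections import defaultdict

PORTMAPPER_PORT = 111
SWEEP_THRESHOLD = 3  # assumed: distinct non-111 ports per source before flagging


def parse_rpc_call(payload):
    """Return (xid, prog, vers, proc) if payload begins with an ONC RPC v2
    CALL header (six big-endian 32-bit words), otherwise None."""
    if len(payload) < 24:
        return None
    xid, msg_type, rpcvers, prog, vers, proc = struct.unpack(">6I", payload[:24])
    if msg_type != 0 or rpcvers != 2:  # 0 = CALL, RPC protocol version 2
        return None
    return xid, prog, vers, proc


def find_rpc_sweeps(packets, threshold=SWEEP_THRESHOLD):
    """packets: iterable of (src_ip, dst_port, udp_payload).
    Returns {src_ip: sorted ports} for sources that sent RPC calls to at
    least `threshold` distinct ports, ignoring the portmapper port."""
    ports_by_src = defaultdict(set)
    for src, dport, payload in packets:
        if dport == PORTMAPPER_PORT:
            continue  # ordinary portmapper lookups are not the signal here
        if parse_rpc_call(payload) is not None:
            ports_by_src[src].add(dport)
    return {s: sorted(p) for s, p in ports_by_src.items() if len(p) >= threshold}


def _sample_call(xid, prog):
    # Constructed test data: call header plus empty AUTH_NONE cred and verf.
    return struct.pack(">10I", xid, 0, 2, prog, 2, 0, 0, 0, 0, 0)


NOT_RPC = b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 18  # constructed non-RPC payload

# Constructed sample traffic using documentation address ranges.
SAMPLE = (
    [("192.0.2.10", port, _sample_call(port, 100004)) for port in (700, 701, 702, 703)]
    + [("198.51.100.5", 2049, _sample_call(1, 100003))]            # one client, one port
    + [("203.0.113.7", port, NOT_RPC) for port in (700, 701, 702)]  # many ports, not RPC
    + [("192.0.2.10", 111, _sample_call(9, 100000))]               # portmapper, ignored
)

if __name__ == "__main__":
    for src, ports in find_rpc_sweeps(SAMPLE).items():
        print(f"RPC calls from {src} to non-111 ports: {ports}")
```
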