Thursday, November 18, 2004

What's the Unix RPC and how we have to do protection?

Like any network resources, applications need to have a way to talk to each other over the network.RPC is one of the most popular protocols for doing it.It employes a service called the Portmapper(in most of Unix's OS known as rpcbind) to arbitrate between client requests and ports that it dynamically assigns to listening applications.The attackers using some tools such as "rpcinfo" to enumerate the services (which are based on RPC) such as rwhod or rusersd.
RPC Portmappers typically run on TCP/UDP 111 and TCP/UDP 32771 on some Sun boxes, then you should do at least the following items:
1. Filter TCP/UDP 111 and TCP/UDP 32771 on the firewall.
2. Disable RPC based services from /etc/rc* or /etc/init.d on your Unix/Linux machine.
3. Check with your RPC vendor to learn which options are available to protect youe services.
4. Using Sun's Secure RPC that authenticates based on public-key cryptographic mechanisms.

No comments: