----- Original Message ----- From: "Netnation - Diederik de Vries" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 31, 2003 1:55 PM Subject: Port 635
> Hi there! > > The last weeks, we frequently get portscanned at port 635. 635 is used for > mountd. Is there some new form of exploit available, or am I getting plain > paranoid? :) > I'm not sure if there is or not but a buffer overflow in Sun's RPC implementation was found (see DSA 272-1). So maybe it's something related to that? mountd uses RPC and NFS is all from Sun, so I'd imagine it'd use this dietlibc? Maybe it's related to that, maybe it's not. According to sans.org [1] RPC services are the number 1 exploitable part to UNIX systems so it may just be one of those standard 'scans' you get now and then. [1] http://www.sans.org/top20/#index David. -- David Ramsden http://portal.hexstream.eu.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
