| Author |
RPC - risks or vulnerable? |
bruxa
Member
Posts: 14
Location:
Joined: 02.07.08
Rank: Hacker Level 1 |
|
Hi all,
Currently, I am interested in RPC (remote procedure calls) running on different machines. What do you think: is running this service a "huge" security risks? I do not mean that any running service can be a security risk. My question goes in the direction of "what general attacks can be expected running such a service"? And what are the major goals of a potential attacker who find this service and what can he do in general? Furthermore, why is it sometimes necessary to run an rpc daemon instead of disable it? For what exactly is it required?
I also played around with the tool rpcinfo to get some more information about the remote machine.
I would kindly like to start a little discussion about this topic to learn what the community thinks about and to get more experiences with tools like rpcinfo, rpcclient, etc.
Thank for answering
bruxa
|
|
| Author |
RE: RPC - risks or vulnerable? |
spyware
Member
Posts: 4158
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
|
|
Homework much?
The most censored HBH profile.
"The chowner of property." - Zeph“Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.” - Carl Sagan “Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert |
|
| Author |
RE: RPC - risks or vulnerable? |
wolfmankurd
Member
Posts: 1519
Location: UK
Joined: 30.05.05
Rank: God |
|
No body cares, please come back when you have an even remotely interesting question.
BY READING MY POST, YOU ACCEPT IT AS IS AND AGREE TO MY DISCLAIMER OF ALL WARRANTIES, EXPRESS OR IMPLIED, AS WELL AS DISCLAIMERS OF ALL LIABILITY, DIRECT, INDIRECT, CONSEQUENTIAL OR INCIDENTAL, THAT MAY ARISE FROM THE USE OF THIS (MIS)INFORMATION.
|
|
| Author |
RE: RPC - risks or vulnerable? |
define
Member
Posts: 201
Location:
Joined: 13.12.08
Rank: Moderate
Warn Level: 1
|
|
There's loads of information on RPC all over the Internets.
For defense, Google "rpc security".
For offense, Google "rpc attack".
Read some, then refine your search based upon what you've learned about or seen as buzzwords.
If you need to contact me, send me a PM. I will read and/or respond in time. |
|
|
| Author |
RE: RPC - risks or vulnerable? |
bruxa
Member
Posts: 14
Location:
Joined: 02.07.08
Rank: Hacker Level 1 |
|
|
aehhhh, you are right! Google should mostly always asked as fist.... |
|
|
| Author |
RE: RPC - risks or vulnerable? |
cyb3rl0rd1867
Member
Posts: 143
Location: U.S
Joined: 07.07.06
Rank: Hacker Level 1 |
|
Ahh, the cynicism is in the air...
 |
|
|
| Author |
RE: RPC - risks or vulnerable? |
spyware
Member
Posts: 4158
Location: The Netherlands
Joined: 14.04.07
Rank: God
Warn Level: 90
|
|
|
cyb3rl0rd1867 wrote:
Ahh, the cynicism is in the air...
No.
The most censored HBH profile.
"The chowner of property." - Zeph“Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.” - Carl Sagan “Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert |
|
|
Main:
