PROTOCOL-RPC -- Snort has detected traffic that may indicate the presence of the RPC protocol or vulnerabilities in the RPC protocol on the network.
PROTOCOL-RPC portmap proxy attempt UDP
This event is generated when an attempt is made to forward a Remote Procedure Call (RPC) request through the portmapper service.
Impact: Information disclosure. The proxy can be used to detect and request the RPC services offered.
Details: The RPC "callit" procedure allows the portmapper to act as a proxy that forwards requests to other RPC services offered by the host. This allows an attacker to call an RPC service on the same host without knowing the port number associated with that service.
Ease of Attack: Simple.
Known false positives, with the described conditions
According to RFC 1057, this proxy feature supports broadcasts to RPC services using the well-known portmapper port. This rule also generates an event when legitimate hosts attempt to use the proxy feature.
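For triage, it helps to see which program a "callit" request is actually being proxied to. The following is an added example, not Snort's rule logic or code from this page: it parses a UDP payload as an RPC call per RFC 1057 and returns the proxied target when the call is a portmapper CALLIT. The function names and sample payloads are constructed for illustration.

```python
import struct

PMAP_PROG = 100000    # portmapper program number (RFC 1057)
PMAPPROC_CALLIT = 5   # portmapper "callit" procedure (RFC 1057)
RPC_CALL = 0          # msg_type value for a call
RPC_VERSION = 2


def skip_opaque_auth(buf, off):
    """Return the offset just past an opaque_auth (flavor, length, padded body)."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    if length > 400:  # RFC 1057 caps the auth body at 400 bytes
        raise ValueError("oversized auth body")
    return off + 8 + ((length + 3) & ~3)


def parse_callit(payload):
    """Return (prog, vers, proc, arg_len) of the proxied call if the UDP payload
    is a portmapper CALLIT request; None for anything else or malformed input."""
    try:
        _xid, mtype, rpcvers, prog, _vers, proc = struct.unpack_from(">6I", payload, 0)
        if (mtype, rpcvers, prog, proc) != (RPC_CALL, RPC_VERSION, PMAP_PROG, PMAPPROC_CALLIT):
            return None
        off = skip_opaque_auth(payload, 24)   # credentials
        off = skip_opaque_auth(payload, off)  # verifier
        t_prog, t_vers, t_proc, arg_len = struct.unpack_from(">4I", payload, off)
    except (struct.error, ValueError):
        return None
    if off + 16 + arg_len > len(payload):     # declared args exceed the datagram
        return None
    return (t_prog, t_vers, t_proc, arg_len)


def build_call(proc, body, cred=b""):
    """Constructed sample: an RPC call to portmapper version 2."""
    pad = b"\x00" * (-len(cred) % 4)
    hdr = struct.pack(">6I", 0x1234, RPC_CALL, RPC_VERSION, PMAP_PROG, 2, proc)
    auth = struct.pack(">II", 1 if cred else 0, len(cred)) + cred + pad
    return hdr + auth + struct.pack(">II", 0, 0) + body


# Constructed payloads: CALLIT proxying program 100003 v3 procedure 0, and a
# plain GETPORT (procedure 3) lookup that must not match.
SAMPLE_CALLIT = build_call(PMAPPROC_CALLIT, struct.pack(">4I", 100003, 3, 0, 0))
SAMPLE_GETPORT = build_call(3, struct.pack(">4I", 100003, 3, 17, 0))

if __name__ == "__main__":
    print(parse_callit(SAMPLE_CALLIT), parse_callit(SAMPLE_GETPORT))
```

The returned program number can be compared against the RPC services a host is expected to offer, which separates the legitimate proxy use noted above from requests aimed at services that should not be reachable.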
Cisco Talos, Brian Caswell, Judy Novak, Nigel Houghton