1. Home
  2. Networking
  3. Network security assessment

Chapter 12. Assessing Unix RPC Services

Vulnerabilities in Unix RPC services have led to many large organizations falling victim to hackers over the last 10 years. One recent incident in April 1999 resulted in the web sites of Playboy, Sprint, O'Reilly Media, Sony Music, Sun Microsystems, and others being mass-defaced by H4G1S and the Yorkshire Posse (HTML mirrored at http://www.2600.com/hackedphiles/current/oreilly/hacked/). In this chapter, I cover remote RPC service vulnerabilities in Solaris, IRIX, and Linux, exploring how these services are exploited in the wild and how you can protect them.



    		Network Security Assessment
    		Foreword
    		Preface
    		Chapter 1. Network Security Assessment
    		Chapter 2. The Tools Required
    		Chapter 3. Internet Host and Network Enumeration
    		Chapter 4. IP Network Scanning
    		Chapter 5. Assessing Remote Information Services
    		Chapter 6. Assessing Web Services
    		Chapter 7. Assessing Remote Maintenance Services
    		Chapter 8. Assessing FTP and Database Services
    		Chapter 9. Assessing Windows Networking Services
    		Chapter 10. Assessing Email Services
    		Chapter 11. Assessing IP VPN Services
    		Chapter 12. Assessing Unix RPC Services
    		12.1 Enumerating Unix RPC Services
    		12.2 RPC Service Vulnerabilities
    		12.3 Unix RPC Services Countermeasures
    		Chapter 13. Application-Level Risks
    		Chapter 14. Example Assessment Methodology
    		Appendix A. TCP, UDP Ports, and ICMP Message Types
    		Appendix B. Sources of Vulnerability Information
    		Colophon