⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 591.txt

📁 snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具
💻 TXT
字号:
🔍 
Rule:--Sid:591--Summary:This event is generated when an attempt is made through a portmap GETPORT request to discover the port where the Remote Procedure Call (RPC) ypupdated is listening.--Impact:Information disclosure.  This request is used to discover which port ypupdated is using.  Attackers can also learn what versions of the ypupdated protocol are accepted by ypupdated.--Detailed Information:The portmapper service registers all RPC services on UNIX hosts. It can be queried to determine the port where RPC services such as ypupdated run.  The ypupdated RPC service allows clients to update maps for Network Information Service (NIS), formerly known as Sun Yellow Pages.  A vulnerability exists with improper validation associated with the 'make' command used to update changes, allowing the execution of arbitrary commands as root.  --Affected Systems:HP HP-UX 10.1, 10.10, 10.20IBM AIX 3.2, 4.1NEC EWS-UX/V, UP-UX/V SGI IRIX 3.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 5.0, 5.0.1, 5.1, 5.1.1, 5.2, 5.3, 6.0.1Sun SunOS 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4--Attack Scenarios:An attacker can query the portmapper to discover the port where ypupdated runs.  This may be a precursor to accessing ypupdated.--Ease of Attack:Simple.  --False Positives:If a legitimate remote user is allowed to access ypupdated, this rule may trigger.--False Negatives:This rule detects probes of the portmapper service for ypupdated, not probes of the ypupdated service itself. Because RPC services often listen on fairly arbitrary ports, it may not be possible to detect misuses of the ypupdated service itself. An attacker may attempt to go directly to the ypupdated port without querying the portmapper service, which would not trigger the rule.--Corrective Action:Limit remote access to RPC services.Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines. Disable unneeded RPC services.--Contributors:Original rule written by Max Vision <vision@whitehats.com>Modified by Brian Caswell <bmc@sourcefire.com>Sourcefire Research TeamJudy Novak <judy.novak@sourcefire.com>--Additional References:Bugtraqhttp://www.securityfocus.com/bid/1749CERThttp://www.cert.org/advisories/CA-1995-17.htmlArachnids http://www.whitehats.com/info/IDS125--

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -