Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1955 |
Message | RPC AMD TCP version request |
Summary | This event is generated when a request is made to discover the version and configuration information associated with the Remote Procedure Call (RPC) amd. |
Impact | Information disclosure. This request can allow an attacker to discover the version of amd running as well as other configuration information about the host. |
Detailed Information | The amd RPC service implements the automounter daemon on UNIX hosts. The amd service automatically mounts and unmounts requested file systems. An attacker can make a request to amd to discover its version number. A successful request will return the version number along with other valuable configuration information about the server, including the architecture. |
Affected Systems | Any system running amd. |
Attack Scenarios | An attacker may request the version number associated with amd. The response may give an attacker valuable configuration information about the host. |
Ease of Attack | Simple. Execute the command 'amq -v -T -h hostname/IP' |
Corrective Action | Limit remote access to RPC services. Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines. Disable unneeded RPC services. |
Additional References |
--
DID:757734
--
http://www.aanval.com/