snort.org
Open in
urlscan Pro
2606:4700::6812:8b09
Public Scan
URL:
https://snort.org/rule_docs/1-1923
Submission: On January 16 via manual from VE — Scanned from DE
Submission: On January 16 via manual from VE — Scanned from DE
Form analysis 1 forms found in the DOM
GET /search
<form action="/search" accept-charset="UTF-8" method="get"><input name="utf8" type="hidden" value="✓" autocomplete="off">
<input type="text" name="q" id="q" class="form-control" placeholder="Search...">
<button id="submit_search" class="btn btn-default snort_search_btn" name="submit_search" type="submit">
<span class="glyphicon glyphicon-search"></span></button>
<a class="btn btn-default snort_search_btn" href="/rule-docs-search">
<span>Rule Doc Search</span>
</a>
</form>Text Content
* Sign In Toggle navigation * * Documents * Downloads * Products * Community * Talos * Resources * Contact Rule Doc Search * Get Started * Documents * Blogs * Official Documentation * Additional Resources * Preprocessor Documentation * Latest Rule Documents * Snort * Rules * OpenAppID * IP Block List * Additional Downloads * Rule Subscriptions * Education / Certification * Mailing Lists * Snort Calendar * Snort Scholarship * Submit a Bug * Talos Advisories * Additional Talos Resources * Videos * Documents * Whom should I contact? * The Snort Team SID 1:1923 * Rule Documentation * References * MITRE Details Report a false positive RULE CATEGORY PROTOCOL-RPC -- Snort has detected traffic that may indicate the presence of the rpc protocol or vulnerabilities in the rpc protocol on the network. ALERT MESSAGE PROTOCOL-RPC portmap proxy attempt UDP RULE EXPLANATION This event is generated when an attempt is made to forward a Remote Procedure Call (RPC) request through the portmapper service. Impact: Information disclosure. This can detect and request RPC services offered. Details: The RPC "callit" procedure allows the portmapper to act as a proxy to forward requests to other RPC services offered by the host. This allows an attacker to call an RPC service on the same host without knowing the port number associated with the RPC service. Ease of Attack: Simple. WHAT TO LOOK FOR No information provided KNOWN USAGE No public information FALSE POSITIVES Known false positives, with the described conditions According to RFC 1057, this proxy feature supports broadcasts to RPC services using the well-known portmapper port. This rule also generates an event when legitimate hosts attempt to use the proxy feature. CONTRIBUTORS Cisco Talos Brian Caswell Judy Novak Nigel Houghton RULE GROUPS No rule groups CVE None RULE VULNERABILITY No information provided CVE ADDITIONAL INFORMATION THIS PRODUCT USES DATA FROM THE NVD API BUT IS NOT ENDORSED OR CERTIFIED BY THE NVD. None Privacy Policy | Snort License | FAQ | Sitemap Follow us on twitter -------------------------------------------------------------------------------- ©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.