PROTOCOL-RPC -- Snort has detected traffic that may indicate the presence of the rpc protocol or vulnerabilities in the rpc protocol on the network.
PROTOCOL-RPC network-status-monitor mon-callback request TCP
Network Status Monitor (NSM) is used to indicate wether a host is up or for its status. Impact: Intelligence gathering about the current state of a host and wether rpc services are available. Details: NSM runs on client machines and informs other hosts of the status of that machine should a crash or reboot occur. Each remote application using an rpc service can therefore register with the host when services are once again available. A request made to a machine will indicate to the attacker the status of that host and will also be indicative of rpc services being available. The attacker might then continue to ascertain which rpc services are being offered and then launch an attack on vulnerable daemons. Ease of Attack: Simple
No information provided
No public information
No known false positives
Cisco Talos Brian Caswell Nigel Houghton
No rule groups
None
No information provided
None