The RPC Keyword
The `rpc` keyword identifies Open Network Computing Remote Procedure Call (ONC RPC) services in TCP or UDP packets. This allows you to detect attempts to identify the RPC programs on a host. Intruders can use an RPC portmapper to determine if any of the RPC services running on your network can be exploited. They can also attempt to access other ports running RPC without using portmapper. The following table lists the arguments that the `rpc` keyword accepts.
Argument | Description |
---|---|
application | The RPC application number |
procedure | The RPC procedure invoked |
version | The RPC version |
To specify the arguments for the `rpc` keyword, use the following syntax:

`application,procedure,version`
where application is the RPC application number, procedure is the RPC procedure number, and version is the RPC version number. You must specify all arguments for the `rpc` keyword; if you are not able to specify one of the arguments, replace it with an asterisk (`*`).
For example, to search for RPC portmapper (which is the RPC application indicated by the number 100000), with any procedure or version, use `100000,*,*` as the arguments.
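The matching described above can be modeled in a few lines of Python. This is an added example, not code from this documentation or from the detection engine it describes; it reads the ONC RPC call header as laid out in RFC 5531 and compares it with an `application,procedure,version` specification. The function names are hypothetical, the sample packet is constructed, and accepting `*` in any position is an assumption based on the wording above.

```python
import struct

CALL, RPC_VERSION = 0, 2  # msg_type for a call and the RPC protocol version (RFC 5531)

def parse_spec(spec):
    """Parse 'application,procedure,version'; '*' becomes None (wildcard)."""
    parts = [p.strip() for p in spec.split(",")]
    if len(parts) != 3:
        raise ValueError("all three arguments are required; use * for unknown ones")
    return tuple(None if p == "*" else int(p) for p in parts)

def parse_rpc_call(payload, tcp=False):
    """Return (application, procedure, version) of an ONC RPC call, else None."""
    if tcp:
        # TCP prefixes each record with a 4-byte mark: top bit = last fragment,
        # low 31 bits = fragment length.
        if len(payload) < 4:
            return None
        (mark,) = struct.unpack(">I", payload[:4])
        payload = payload[4:4 + (mark & 0x7FFFFFFF)]
    if len(payload) < 24:
        return None
    _xid, msg_type, rpcvers, prog, vers, proc = struct.unpack(">6I", payload[:24])
    if msg_type != CALL or rpcvers != RPC_VERSION:
        return None
    # On the wire the order is program, version, procedure; the keyword's
    # argument order is application, procedure, version.
    return prog, proc, vers

def rpc_match(spec, payload, tcp=False):
    """True when the payload is an RPC call that satisfies the specification."""
    wanted = parse_spec(spec)
    call = parse_rpc_call(payload, tcp)
    if call is None:
        return False
    return all(want is None or want == got for want, got in zip(wanted, call))

def build_call(prog, vers, proc, tcp=False, msg_type=CALL):
    """Constructed sample: call header plus empty AUTH_NONE credential and verifier."""
    body = struct.pack(">6I", 0x1234ABCD, msg_type, RPC_VERSION, prog, vers, proc)
    body += struct.pack(">4I", 0, 0, 0, 0)
    return struct.pack(">I", 0x80000000 | len(body)) + body if tcp else body

if __name__ == "__main__":
    getport = build_call(100000, 2, 3)  # portmapper version 2, procedure 3 (GETPORT)
    for spec in ("100000,*,*", "100000,3,2", "100000,2,3", "100003,*,*"):
        print(spec, rpc_match(spec, getport))
```

The `100000,2,3` case fails to match because the procedure and version are swapped relative to the keyword's argument order, which is an easy mistake when copying values straight from a packet capture.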