port 111 (RPC)

 
Jaro_2
Occasional Contributor

port 111 (RPC)

I realized that 'somebody' with a strange IP address was connected via port 111 to my server. I've killed the portmap daemon which listens on this port. After that I am not able to log on from a remote PC, nor from the console via SSH. Is it possible that the problem arose because of killing the portmap daemon? /I can log on via FTP/
8 REPLIES
Mark Grant
Honored Contributor

Re: port 111 (RPC)

portmap is, indeed, your problem. Furthermore, I think I'm right in saying that it needs to be started before all the other network services that register with it. So you might need to stop services and then start portmap. Or re-boot of course, if you can.
Never precede any demonstration with anything more predictive than "watch this"
Jaro_2
Occasional Contributor

Re: port 111 (RPC)

Yes, I have to restart the processes which are registered with portmap after stopping and starting portmap, but are such processes somehow related to the logon process? Why can I not log in? As far as I know NFS is using it, but is something participating in the logon process?
Mark Grant
Honored Contributor

Re: port 111 (RPC)

Good point!

It's not only NFS that uses portmap, several applications use it too, but unless you have automounted NFS home directories I'm not entirely sure it's the issue. I still think that portmap is your problem. I take it you can't actually re-boot this machine?
Never precede any demonstration with anything more predictive than "watch this"
Joris Denayer
Respected Contributor

Re: port 111 (RPC)

Jaro,

I tried this on my workstation.
And I was still able to login via a telnet session to the system. (as root)
But, after the login/passwd sequence it took much longer before the shell prompt appeared. Probably some nfs/nis issues during shell startup.

ftp logon works ==> inetd process runs.

If you don't get the login prompt, then you should check /etc/inetd.conf and /etc/services for the appropriate entries.

For instance:
in /etc/services
telnet 23/tcp

in /etc/inetd.conf
telnet stream tcp nowait root /usr/sbin/telnetd


Joris
To err is human, but to really foul things up requires a computer
Jaro_2
Occasional Contributor

Re: port 111 (RPC)

I've made a mistake. I clicked on "new message" instead of "reply". /hi/

So once again.

The files /etc/inetd.conf and /etc/services have appropriate entries.

Where or how can I find out which processes are registered with portmap, so that I could stop them?
j
Joris Denayer
Respected Contributor

Re: port 111 (RPC)

Use

# rpcinfo -p

See also # man rpcinfo

Joris
To err is human, but to really foul things up requires a computer
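An added example, not part of any reply in this thread: a small shell function that condenses `rpcinfo -p` output into one line per RPC program registered with portmap, so it is clear which services depend on the portmapper and which ports they expose. The function names and the sample listing are constructed for illustration; the sample follows the column layout `rpcinfo -p` prints.

```shell
#!/bin/sh
# Summarise `rpcinfo -p` output: one line per RPC program registered with
# portmap, giving its name and the distinct proto/port pairs it listens on.
# Program 100000 is the portmapper itself and is skipped.
rpc_registered() {
    awk '
        $1 !~ /^[0-9]+$/ { next }    # skip the header and blank lines
        $1 == 100000     { next }    # skip the portmapper itself
        {
            prog = $1
            pair = $3 "/" $4
            # the service name column is empty when /etc/rpc has no entry
            if (NF >= 5) name[prog] = $5; else name[prog] = "unknown"
            if (!((prog, pair) in seen)) {
                seen[prog, pair] = 1
                if (prog in ports) ports[prog] = ports[prog] "," pair
                else ports[prog] = pair
            }
        }
        END { for (p in name) print p, name[p], ports[p] }
    ' | sort -n
}

# Constructed sample listing (not taken from the thread).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    789  status
    100024    1   tcp    791  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp    812  mountd
    300019    1   tcp    850
EOF
}

# On a live system: rpcinfo -p | rpc_registered
sample_rpcinfo | rpc_registered
```

Every program listed is one that has to re-register after portmap is restarted, and one whose port an outside host can learn by querying port 111.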
Ralf Puchner
Honored Contributor

Re: port 111 (RPC)

The portmapper is the port manager for RPC communication (man portmap). FTP is not an RPC service; it is triggered by inetd (man ftpd, inetd).

So if you kill the portmapper no other service can open new connections to RPC services. Restarting portmap will not help because each RPC service registers its port number with portmap during startup.

Stop/restart the whole of RPC (via /sbin/init.d/nfs).

Be sure you have installed the latest security patches for RPC fixes or contact your local support center for assistance.

Help() { FirstReadManual(urgently); Go_to_it;; }
Spider Boardman
Advisor

Re: port 111 (RPC)

It sounds like you're running with Enhanced Security, and you killed the portmap process without also stopping prpasswdd. If you really want to run without the portmapper, you'll need to disable prpasswdd's start-up as well. This means renaming or removing the /sbin/rc?.d/S??prpasswd symlink(s), since otherwise the script will start a portmapper even if it can't start prpasswdd. That's because prpasswdd definitely can't be started without a portmapper.