updated 12:15 pm EDT, Tue June 12, 2001
Sustainable Softworks has released RPC Reporter 1.0, a free security utility that attempts to detect, deter and report attempted Remote Procedure Call (RPC) intrusions and to collect data to be reported to the National Infrastructure Protection Center (NIPC).
RPC Reporter runs under Mac OS 9.x and earlier detects port scans for holes in the RPC service, a common hole in UNIX-based systems that may allow machines to be used as a "zombie" for a later Distributed Denial of Service (DDoS) attack. The company says it is currently developing an OS X version of RPC Reporter.
While Mac OS 9.x and earlier Mac OS system software does not use the RPC
service, the port is visible to intruders who can "fingerprint" the MacOS
during an RPC-type port scan, according to Sustainable Softworks: "This can help an intruder identify the type of machine and perhaps launch a different attack (e.g. TCP File Sharing)." RPC Reporter is designed to completely block the port scanner and prevents fingerprinting.
When triggered, it offers an option to report the alert to a Sustainable Softworks site by holding down the shift key and closing the alert, thus reporting the intrusion incident, the exact date and time, the number of incidents from the intruder's, IP address in the past 24 hours and the number of incidents on the user's network in the past 24 hours.