toggle

AAPL Stock: 443.28 ( + 3.62 )

http://www.macnn.com/articles/01/06/12/rpc.reporter/

RPC Reporter 1.0: Security tool

updated 12:15 pm EDT, Tue June 12, 2001

 
", 0, 0);


Sustainable Softworks has released RPC Reporter 1.0, a free security utility that attempts to detect, deter and report attempted Remote Procedure Call (RPC) intrusions and to collect data to be reported to the National Infrastructure Protection Center (NIPC).

RPC Reporter runs under Mac OS 9.x and earlier detects port scans for holes in the RPC service, a common hole in UNIX-based systems that may allow machines to be used as a "zombie" for a later Distributed Denial of Service (DDoS) attack. The company says it is currently developing an OS X version of RPC Reporter.

While Mac OS 9.x and earlier Mac OS system software does not use the RPC
service, the port is visible to intruders who can "fingerprint" the MacOS
during an RPC-type port scan, according to Sustainable Softworks: "This can help an intruder identify the type of machine and perhaps launch a different attack (e.g. TCP File Sharing)." RPC Reporter is designed to completely block the port scanner and prevents fingerprinting.

When triggered, it offers an option to report the alert to a Sustainable Softworks site by holding down the shift key and closing the alert, thus reporting the intrusion incident, the exact date and time, the number of incidents from the intruder's, IP address in the past 24 hours and the number of incidents on the user's network in the past 24 hours.


by MacNN Staff

Post tools:

TAGS :

 software, Other Applications

Related Articles

Recent Articles

toggle

Comments

  1. 0

    Joined:

    0
    06/12, 01:01pm | report spam | Reply | delete

    BOOYAA

    I got the first post, therefore I am better than the rest of you. Cool, huh?

  1. 0

    Joined:

    0
    06/12, 02:06pm | report spam | Reply | delete

    ummm

    you suck

  1. 0

    Joined:

    0
    06/12, 03:44pm | report spam | Reply | delete

    yep

    //I agree, you suck.

    I'm glad this software is free, but does it really matter to most people? Macs are fairly hack-proof in the first place, and Sust. Softworks is using this utility mainly to get people to use their other products, IPNetSentry, IPNetRouter, and IPNetMonitor. Maybe when they come out with a Mac OS X version will it actually make sense to have it.

    Such is capitalism.

  1. 0

    Joined:

    0
    06/12, 04:11pm | report spam | Reply | delete

    Huh?

    It's unclear how filtering the sunrpc port will help prevent TCP/IP stack (OS) fingerprinting. You need any listener on an open port and any closed port to do that reliably; port 111 is as closed on a Mac as any other port, so unless you filter everything (like on a filtering router or a real firewall) you're accomplishing nothing toward that end by running this tool (and if you do filter everything the tool does nothing at all). The main purpose seems to be to satisfy the author's curiousity with the reports the tool can help submit. That's fine, but spare us the fearmongering.

    I've watched a good many networks for incoming connection attempts, and portmapper attempts don't number in the majority anyway. Most people will just look for a telnet, FTP, or SMB port to start with, because they're interested in identifying and/or breaking into Unix or Windows boxen. Classic Macs don't make very appealing targets. Beyond that, most port scan attempts aren't presage to an attack, they're just random poking around by the curious or bored (including myself). Say you do identify someone repeatedly probing your Mac's RPC port - in what way will this information be useful to you? It's a bit like watching the news - seemingly interesting but actually useless info. If on the other hand you have a real network to protect, you're going to need a lot more than this.

    Maybe it's a slightly educational toy for some people, but I suspect the alarmist FUD component outweighs the benefits.

  1. 0

    Joined:

    0
    06/13, 02:30am | report spam | Reply | delete

    anyway

    I really dont have the personal knowledge to evaluate the other posts. However, I can say from personal experience that Sustainable Softworks is a reliable company of high integrity. May be it is marketing, but it seems to me that in mixed OS networks, detecting this portscan would be benificial. At that point they don't know that its a classic Mac they're scanning right? Then you know you need to protect your other OS machines? Right?

  1. 0

    Joined:

    0
    06/13, 01:19pm | report spam | Reply | delete

    not really

    But it's only really beneficial if you know they're scanning for that port specifically (as opposed to say, doing a typical scan of ports 1-200). Since this affects Unix hosts, at that point the portmapper is spitting complaints into the messages log on those hosts anyway.

    It's nice to see someone trying to make Macs good little network citizens, but there isn't much real use for this particular tool. It's a free download if you want to play with it - just don't go getting any false sense of security.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

toggle

Most Commented

 

Popular News