I'm trying to figure out what in this signature is defining it as "proxied". I captured packets that triggered the sig, and all the packet data matches the trigger. I'm just missing what makes this an issue, and why. I've googled all over the place and can't find much information on this particular issue.
The only thing I can think (although the signature doesn't seem to have the criteria in it) is that the packets that trigger this are going to a broadcast address.
If someone could shed some light on this one I'd appreciate it! Below is a captured packet that triggered the sig.
There are two procedures defined in the rpcbind (v3/v4) or portmapper (v1/v2) protocol that can be used to indirectly call any RPC service on the target host. Procedure 5 of the rpcbind/portmapper service is usually used to call some other procedure (UMNTALL in your case) of some other RPC program (mountd in your case) on several machines (via directed broadcast). Procedure 10 of rpcbind/portmapper service is usually used to indirectly call another RPC service via unicast.
Many RPC programs operate this way: rwall, rup, rusers, etc. (don't think umountall should do this).
The problem here is that the target RPC program thinks that the call comes from the local machine (probably 127.0.0.1 address) and security provided by TCP_WRAPPERS (or other access control mechanism, based on the source IP address, such as ACLs in "share" NFS command) can easily be bypassed. This is a huge security hole, created by Sun Microsystems in their RPC specification.
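The indirect call described in the answer above is visible in the RPC header itself. The following is an added example, not part of the original posts and not the IDS signature's own logic: it parses a UDP RPC payload and reports which program and procedure the portmapper is being asked to call on the sender's behalf. The function names, the label table and the sample packet are constructed for illustration, and RPC over UDP (no record marking) is assumed.

```python
import struct

PMAP_PROG = 100000         # portmapper/rpcbind RPC program number
INDIRECT_PROCS = {5, 10}   # the two indirect-call procedures named above
NAMES = {(100005, 4): "mountd UMNTALL"}  # small label table for the report

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated RPC message")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _skip_auth(buf, off):
    """Skip an opaque_auth: flavor, length, body padded to 4 bytes."""
    _flavor, off = _u32(buf, off)
    length, off = _u32(buf, off)
    if length > 400:       # RFC 5531 caps the auth body at 400 bytes
        raise ValueError("oversized auth body")
    return off + ((length + 3) & ~3)

def proxied_call(payload):
    """Return the inner call of a portmapper-proxied RPC, or None."""
    try:
        off, hdr = 0, []
        for _ in range(6):  # xid, msg_type, rpcvers, prog, vers, proc
            val, off = _u32(payload, off)
            hdr.append(val)
        _xid, msg_type, rpcvers, prog, _vers, proc = hdr
        if (msg_type, rpcvers, prog) != (0, 2, PMAP_PROG):  # 0 = CALL
            return None
        if proc not in INDIRECT_PROCS:
            return None
        off = _skip_auth(payload, _skip_auth(payload, off))  # cred, verf
        inner = []
        for _ in range(3):  # target prog, vers, proc
            val, off = _u32(payload, off)
            inner.append(val)
    except ValueError:
        return None
    t_prog, t_vers, t_proc = inner
    return {"via_proc": proc, "prog": t_prog, "vers": t_vers, "proc": t_proc,
            "label": NAMES.get((t_prog, t_proc), "unknown")}

def build_call(prog, vers, proc, body=b""):
    """Constructed sample: RPC CALL with AUTH_NULL cred and verf."""
    return struct.pack(">10I", 0x1234, 0, 2, prog, vers, proc, 0, 0, 0, 0) + body

# Constructed packet: portmapper v2, procedure 5, asking for mountd UMNTALL.
SAMPLE = build_call(PMAP_PROG, 2, 5, struct.pack(">4I", 100005, 1, 4, 0))

if __name__ == "__main__":
    print(proxied_call(SAMPLE))
```

A direct call to mountd, or an ordinary portmapper lookup, returns `None`; only the two indirect procedures produce a report.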