Tutorial - Rstatd vulnerability
Rstatd Vulnerability
Summary
rstatd: This RPC process provides information on a computer's performance.
Impact
A hacker could determine trends on system utilization to pre-plan his
attack.
Problem
The rstatd replies to a query with information about the computer's performance.
By default, this function is available to all network users regardless of
access privilege. It provides the hacker with an excellent tool to determine
the best (i.e., least busy) time to do his work.
Resolution
- If possible, disable rstatd in inetd.conf or in one of the rc.d S*
files. This may be problematic in Sun environments where perfmeter
is used. Perfmeter requires rstatd, even if the performance monitoring
is local.
- If disabling is an issue, configure the portmapper to allow only
requests from "friendly sites".
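
One way to verify the first resolution step, as an added example that is not part of the original tutorial: the script checks an inetd.conf for an uncommented rstatd entry and checks "rpcinfo -p" output for RPC program 100001 (rstatd). The function names are hypothetical and the sample inetd.conf and rpcinfo lines are constructed; rc.d start scripts are not covered.

```shell
# Added example: audit for an enabled rstatd. Sample inputs are constructed.

# Print active (uncommented) inetd.conf entries whose service field or
# server path names rstatd. Exit 0 if any are found, 1 otherwise.
rstatd_in_inetd() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        $1 == "rstatd" || $1 ~ /^rstatd\// || $0 ~ /rpc\.rstatd/ { print; found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Read "rpcinfo -p" output on stdin; print rows registered for RPC
# program 100001 (rstatd). Exit 0 if registered, 1 otherwise.
rstatd_registered() {
    awk '$1 == "100001" { print; found = 1 } END { exit found ? 0 : 1 }'
}

# Constructed sample inetd.conf: one disabled and one active rstatd entry.
sample_inetd() {
    cat <<'EOF'
# rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
EOF
}

# Constructed sample "rpcinfo -p" output.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   udp    111  portmapper
    100001    3   udp  32780  rstatd
EOF
}

# Run both checks against the constructed samples.
audit_samples() {
    tmp=$(mktemp) || return 2
    sample_inetd > "$tmp"
    if rstatd_in_inetd "$tmp"; then echo "inetd.conf: rstatd ENABLED"; fi
    if sample_rpcinfo | rstatd_registered; then echo "portmapper: rstatd REGISTERED"; fi
    rm -f "$tmp"
}
audit_samples
```

On a live host, pass the real inetd.conf path to rstatd_in_inetd and pipe "rpcinfo -p" into rstatd_registered; after the service is disabled both functions should exit 1.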