> Yes. Blocking port 111 is not enough; it is far too easy to just fire
> NIS requests at every port number in the appropriate range - there are
> only a few thousand of them. If you're running a mostly stock setup,
> one can almost predict the port NIS will use a priori.

It's very easy to scan for services using RPC since they respond in a uniform manner to RPC-formatted packets that you send to them. You can scan a large range of UDP ports in a relatively small amount of time. The RPC daemon will also respond in a particular way if you give it the right program number, so you can go through a list of well-known program numbers and determine which service is on a port once you know a port is talking RPC.

> der Mouse
> mouse@collatz.mcrcim.mcgill.edu
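
The uniform RPC behaviour described in this message is also what makes such probing visible in captured UDP traffic. The following is an added example, not part of the original message: it parses the ONC RPC call header and flags a source that sends RPC calls to many ports, or tries many program numbers on one port. The function names, thresholds and sample packets are constructed assumptions.

```python
import struct
from collections import defaultdict

PORTMAP_PORT = 111  # traffic to the portmapper itself is ignored here

def parse_rpc_call(payload):
    """Return (xid, prog, vers, proc) for an ONC RPC v2 CALL header, else None."""
    if len(payload) < 24:
        return None
    xid, msg_type, rpcvers, prog, vers, proc = struct.unpack(">6I", payload[:24])
    if msg_type != 0 or rpcvers != 2:  # msg_type 0 = CALL, RPC version is 2
        return None
    return xid, prog, vers, proc

def find_rpc_sweeps(packets, port_threshold=20, prog_threshold=5):
    """packets: iterable of (src_ip, dst_ip, dst_port, udp_payload).
    Thresholds are assumed starting points, to be tuned per network."""
    ports = defaultdict(set)  # (src, dst) -> destination ports that got RPC calls
    progs = defaultdict(set)  # (src, dst, port) -> program numbers tried
    for src, dst, dport, payload in packets:
        call = parse_rpc_call(payload)
        if call is None or dport == PORTMAP_PORT:
            continue
        ports[(src, dst)].add(dport)
        progs[(src, dst, dport)].add(call[1])
    alerts = []
    for (src, dst), seen in sorted(ports.items()):
        if len(seen) >= port_threshold:
            alerts.append(("port-sweep", src, dst, len(seen)))
    for (src, dst, dport), seen in sorted(progs.items()):
        if len(seen) >= prog_threshold:
            alerts.append(("program-enum", src, dst, dport, len(seen)))
    return alerts

def make_call(xid, prog, vers=2, proc=0):
    # Call header followed by an empty AUTH_NONE credential and verifier.
    return struct.pack(">6I", xid, 0, 2, prog, vers, proc) + b"\x00" * 16

NIS_PROG = 100004  # ypserv program number
# Constructed sample traffic (documentation address ranges).
SAMPLE = (
    [("192.0.2.10", "198.51.100.5", p, make_call(p, NIS_PROG)) for p in range(600, 640)]
    + [("192.0.2.11", "198.51.100.5", 2049, make_call(i, 100000 + i)) for i in range(8)]
    + [("192.0.2.12", "198.51.100.5", 2049, make_call(1, 100003))]  # one normal call
    + [("192.0.2.13", "198.51.100.5", 53, b"\x12\x34\x01\x00" + b"\x00" * 30)]  # not RPC
)

if __name__ == "__main__":
    for alert in find_rpc_sweeps(SAMPLE):
        print(alert)
```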