logo

Port 32771 – RPC Services (Dynamic Port Range)

Service:

Legacy RPC services

Protocol:

TCP

Port:

32771 (may vary)

Used for:

Dynamically assigned ports for RPC services

Why It’s Open

This is often part of older RPC implementations or poorly defined firewall rules. The default dynamic port range for many UNIX RPC services includes 32771.

Common Risks

  • Unknown Services: Hard to pin down what’s running on these ports.
  • Bypass Filtering: May slip past basic firewall rules.
  • Remote Exploits: Vulnerabilities in legacy RPC services.

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

logo-cta

Enumeration & Testing

Port scan

Terminal window
nmap -p 32771
nmap -sT -p 32771


rpcinfo -p

Use rpcinfo and Wireshark to analyze service behavior

What to Look For

CheckpointWhat it means
Port in use but undocumentedLikely misconfigured service
Accessible externallyIncreases attack surface

Known Exploits

  1. CVE-1999-0002

A buffer overflow in NFS mountd allows remote attackers to gain root access, primarily affecting Linux systems.

🔗 NVD Entry

🔗 Red Hat Advisory

Mitigation

  • Restrict RPC port ranges or define static ones.
  • Block high ports externally unless required.
  • Replace or disable legacy services.

Real-World Example

Port 32771 has appeared in worm activity and metasploit modules exploiting misconfigured RPC services in the wild.

TL;DR

  • Service: RPC (Remote Procedure Call)
  • Default Port: 32771/TCP
  • Risks: Remote code execution, unauthorized access
  • Mitigation: Restrict access, apply patches, monitor RPC services