UDP 32768
Synopsis
- UDP 32768 is commonly used by ONC/Sun RPC services on Unix-like systems because rpcbind/portmapper assigns high UDP ports that often start at 32768 on older platforms.
- Real-world examples include NFS components such as rpc.statd (NSM) and, on older default setups, rpc.mountd on Linux (nfs-utils) and Solaris, which frequently ended up on UDP 32768 unless explicitly pinned to another port.
- Classic SunOS/Solaris RPC daemons like rstatd, rusersd, sprayd, and walld have also been observed running on UDP 32768 via portmapper.
- Due to this, attackers historically scanned and exploited RPC services exposed on UDP 32768 (e.g., the rpc.statd remote exploit, CVE-2000-0666), and some RPC services have been abused in reflection/amplification DDoS when left open to the internet.
- Modern systems often fix these daemons to specific ports or firewall them, but legacy hosts still sometimes show activity on UDP 32768.
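An added example, not part of the original page: a small Python audit that parses `rpcinfo -p` output and lists the RPC programs registered on UDP ports in the dynamic range, which is where unpinned daemons such as statd and mountd end up. The sample output is constructed, and the 32768 floor is an assumption taken from the synopsis that may differ per platform.

```python
"""Audit `rpcinfo -p` output for RPC services on dynamically assigned UDP ports."""
from typing import NamedTuple

DYNAMIC_FLOOR = 32768  # assumption: start of the dynamic range, per the synopsis

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
SAMPLE = """\
   program vers proto   port  service
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100005    3   udp  32769  mountd
    100003    3   udp   2049  nfs
    100001    3   udp  32770
"""

class Registration(NamedTuple):
    program: int
    version: int
    proto: str
    port: int
    service: str

def parse_rpcinfo(text):
    """Yield one Registration per data row; skip the header and malformed rows."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        prog, vers, proto, port = fields[:4]
        if not (vers.isdigit() and port.isdigit()):
            continue
        # The service column is empty when the program number has no local name.
        name = fields[4] if len(fields) > 4 else "unknown"
        yield Registration(int(prog), int(vers), proto.lower(), int(port), name)

def unpinned_udp(text, floor=DYNAMIC_FLOOR):
    """Return UDP registrations at or above `floor`, sorted by port."""
    hits = {r for r in parse_rpcinfo(text) if r.proto == "udp" and r.port >= floor}
    return sorted(hits, key=lambda r: (r.port, r.program, r.version))

if __name__ == "__main__":
    for r in unpinned_udp(SAMPLE):
        print(f"udp/{r.port}: program {r.program} v{r.version} ({r.service}) "
              "is in the dynamic range; pin or firewall it")
```

Services it reports are candidates for a fixed port assignment or a firewall rule, as the last synopsis item describes.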