RE: [fw-wiz] rpc.statd message log
From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 04/24/03
- Previous message: Robert E. Martin: "Re: [fw-wiz] rpc.statd message log"
- Maybe in reply to: Robert E. Martin: "[fw-wiz] rpc.statd message log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "\"Robert E. Martin\" <rmartin@fishburne.org>@AICNOTES" <IMCEANOTES-+22Robert+20E+2E+20Martin+22+20+3Crmartin+40fishburne+2Eorg+3E+40AICNOTES@sequoianet.com> Date: Thu, 24 Apr 2003 13:51:13 -0400
If it's RedHat 7.2, fully patched, then it should not be vulnerable. If you are using it for port forwarding and you know exactly what ports should be allowed to and from where, consider using iptables to prevent any traffic that you do not specifically wish to allow. This would have prevented an external attacker from connecting to statd even if it were running.
PaulM
> -----Original Message-----
> This is a Linux Red Hat 7.2 with all the latest patches working as a
> port forw box for our schools web server. This really is a low usage
> machine, compared to you big boys, and I have scanned it with a demo
> version of Retina. The results were great, as far as I can tell, in
> terms of open and shut ports. After I closed off the portmap service,
> the only port open now is 22 for ssl. Since yesterday, I have not seen
> this message in the logs. Amazing what a little maintenance will do.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Robert E. Martin: "Re: [fw-wiz] rpc.statd message log"
- Maybe in reply to: Robert E. Martin: "[fw-wiz] rpc.statd message log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
