Re: buffer overflows in rpc.statd?

From: Dan Debertin (airboss@bitstream.net)
Date: 01/26/01


Date: Fri, 26 Jan 2001 11:51:53 -0600 (CST)
From: Dan Debertin <airboss@bitstream.net>
To: <cjclark@alum.mit.edu>

On Fri, 26 Jan 2001, Crist J. Clark wrote:

>
> I wanted to point out that you cannot really 'block' RPC services
> effectively with ipfw(8) rules. RPC services do not live on certain
> well-known ports[0]. The only way you can effectively block RPC
> services is with default deny rules.

I've gotten around this in the past by putting 'rpcinfo -p | awk' commands
in rc.firewall, polling the portmapper on protected hosts and then
building firewall rules dynamically for them. It doesn't completely work,
because you have to flush & reload your rules when an NFS server bounces,
but for cases where that's "good enough", it does the job.

~Dan D.

--
++ Unix is the worst operating system, except for all others.
++ Dan Debertin
++ Senior Systems Administrator
++ Bitstream Underground, LLC
++ airboss@bitstream.net
++ (612)321-9290 x108
++ GPG Fingerprint: 0BC5 F4D6 649F D0C8 D1A7  CAE4 BEF4 0A5C 300D 2387
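The rc.firewall technique Dan describes, written out as an added example (not code from the original post): a small sh function that pipes `rpcinfo -p` output through awk and emits one ipfw(8) allow rule per distinct proto/port pair the portmapper currently reports, collapsing services registered under several versions on the same port. The trusted client network 192.0.2.0/24, the protected host 192.0.2.10, the starting rule number 1000 and the rpcinfo sample are all constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: turn `rpcinfo -p` output into
# ipfw(8) allow rules for the RPC ports a protected NFS server is using now.
# Placeholders (not from the thread): client net 192.0.2.0/24,
# protected host 192.0.2.10, rule numbers starting at 1000.

# Constructed sample of `rpcinfo -p` output; a real run would use
#   rpcinfo -p "$host"
RPCINFO_SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    891  mountd
    100005    3   udp    891  mountd
    100005    1   tcp    894  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100024    1   udp    789  status
    100024    1   tcp    791  status
    100021    1   udp    803  nlockmgr'

# rpc_ipfw_rules NET HOST BASE -- reads rpcinfo -p output on stdin and
# prints one "ipfw add" line per distinct proto/port pair, numbered from BASE.
rpc_ipfw_rules() {
    awk -v net="$1" -v host="$2" -v base="$3" '
        # data rows start with a numeric program number; the header does not
        $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
            key = $3 ":" $4
            if (key in seen) next      # same port registered for several versions
            seen[key] = 1
            printf "ipfw add %d allow %s from %s to %s %s\n", base++, $3, net, host, $4
        }'
}

# Number of distinct rules the sample yields (useful for logging a reload).
rpc_rule_count() {
    printf '%s\n' "$RPCINFO_SAMPLE" | rpc_ipfw_rules "$@" | wc -l | tr -d ' '
}

# Print the generated rules for review rather than loading them; as the post
# notes, the rule set must be flushed and rebuilt whenever the server's
# registered ports change.
printf '%s\n' "$RPCINFO_SAMPLE" | rpc_ipfw_rules 192.0.2.0/24 192.0.2.10 1000
```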