Re: buffer overflows in rpc.statd?

From: Cy Schubert - ITSD Open Systems Group
Date: 01/26/01

From: Cy Schubert - ITSD Open Systems Group
To: Dan Debertin
Date: Fri, 26 Jan 2001 13:03:17 -0800

Dan Debertin writes:
> On Fri, 26 Jan 2001, Crist J. Clark wrote:
> >
> > I wanted to point out that you cannot really 'block' RPC services
> > effectively with ipfw(8) rules. RPC services do not live on certain
> > well-known ports[0]. The only way you can effectively block RPC
> > services is with default deny rules.
> I've gotten around this in the past by putting 'rpcinfo -p | awk' commands
> in rc.firewall, polling the portmapper on protected hosts and then
> building firewall rules dynamically for them. It doesn't completely work,
> because you have to flush & reload your rules when an NFS server bounces,
> but for cases where that's "good enough", it does the job.

This only works if the services you're protecting are running on the
firewall itself.

Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/Alpha Team Internet:
Open Systems Group, ITSD, ISTA
Province of BC

To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message
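
The approach described in the quoted text (polling the portmapper with `rpcinfo -p` and building ipfw rules from the result), sketched as an added example that is not code from the thread or from any of its posters. It also shows the failure mode mentioned there: rules that go stale when a server re-registers on new ports. The host address, the sample `rpcinfo -p` output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data is constructed;
# 192.0.2.10 is a documentation address standing in for a protected host.

# Constructed `rpcinfo -p` output before the NFS server restarts.
sample_before() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1011  status
    100024    1   tcp   1022  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp   1023  mountd
EOF
}

# Same host after a restart: status and mountd re-registered on new ports.
sample_after() {
    sample_before | sed -e 's/ 1011 / 1015 /' -e 's/ 1022 / 1019 /' -e 's/ 1023 / 1008 /'
}

# gen_rules HOST: read `rpcinfo -p` output on stdin and print (not load) one
# ipfw deny rule per unique proto/port pair registered with the portmapper.
gen_rules() {
    case $1 in ''|*[!0-9.]*) echo "bad host: $1" >&2; return 1 ;; esac
    awk -v host="$1" '
        ($3 == "tcp" || $3 == "udp") && $4 ~ /^[0-9]+$/ && $4 > 0 && $4 < 65536 {
            key = $3 "/" $4
            if (!(key in seen)) {
                seen[key] = 1
                printf "ipfw add deny %s from any to %s %s\n", $3, host, $4
            }
        }' | sort
}

# stale_rules HOST OLD NEW: rules built from snapshot OLD that no longer match
# any port in snapshot NEW, i.e. what is wrong until the rules are reloaded.
stale_rules() {
    new=$(printf '%s\n' "$3" | gen_rules "$1") || return 1
    printf '%s\n' "$2" | gen_rules "$1" | grep -vxF -e "$new" || true
}

sample_before | gen_rules 192.0.2.10
echo "--- stale after restart:"
stale_rules 192.0.2.10 "$(sample_before)" "$(sample_after)"
```

With a live host the input would come from `rpcinfo -p <host>` instead of the constructed samples; every rule reported as stale marks a port that stays uncovered until the rules are regenerated, which is the gap a default deny policy does not have.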