Re: buffer overflows in rpc.statd?

From: Cy Schubert - ITSD Open Systems Group (Cy.Schubert@uumail.gov.bc.ca)
Date: 01/26/01


From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: Dan Debertin <airboss@bitstream.net>
Date: Fri, 26 Jan 2001 13:03:17 -0800

In message <Pine.LNX.4.30.0101261148270.18352-100000@dmitri.bitstream.net>, Dan Debertin writes:
> On Fri, 26 Jan 2001, Crist J. Clark wrote:
>
> >
> > I wanted to point out that you cannot really 'block' RPC services
> > effectively with ipfw(8) rules. RPC services do not live on certain
> > well-known ports[0]. The only way you can effectively block RPC
> > services is with default deny rules.
>
> I've gotten around this in the past by putting 'rpcinfo -p | awk' commands
> in rc.firewall, polling the portmapper on protected hosts and then
> building firewall rules dynamically for them. It doesn't completely work,
> because you have to flush & reload your rules when an NFS server bounces,
> but for cases where that's "good enough", it does the job.

This only works if the services you're protecting are running on the
firewall itself.

Regards,
Cy Schubert
Team Leader, Sun/Alpha Team
Open Systems Group, ITSD, ISTA
Province of BC
Phone: (250)387-8437
Fax: (250)387-5766
Internet: Cy.Schubert@osg.gov.bc.ca
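The `rpcinfo -p | awk` trick Dan describes above, written out as a small rc.firewall-style script. This is an added example, not code from the thread or from FreeBSD; it only generates ipfw(8) commands and prints them, it does not load them, so it runs offline. The `rpcinfo -p` output embedded in it is constructed for the demo and stands in for the real command run on the host that owns the services; the rule numbers, the source network 10.0.0.0/24 and the protected host 10.0.0.5 are likewise made up. The portmapper's own port 111 is left out, since it is the one well-known port and is normally allowed (or denied) by a static rule.

```sh
#!/bin/sh
# Added example (not part of the original thread): build ipfw rules from
# the ports the portmapper currently advertises, instead of guessing at
# well-known ports that RPC services do not have.

# Constructed sample of `rpcinfo -p` output for the demo; a real script
# would run `rpcinfo -p` (or `rpcinfo -p host`) here instead.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp   1023  mountd
    100005    3   tcp   1023  mountd
    100003    2   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100024    1   udp   1012  status
    100024    1   tcp   1014  status
    100021    1   udp   1006  nlockmgr'

# rpc_ports: read `rpcinfo -p` output on stdin and print one unique
# "proto port" pair per line. Only tcp/udp registrations are kept (this
# also drops the header line), and the portmapper itself is skipped.
rpc_ports() {
    awk '($3 == "tcp" || $3 == "udp") && $5 != "portmapper" { print $3, $4 }' |
        sort -u
}

# rpc_rules BASE SRC DST: emit one "ipfw add" command per advertised
# port, numbered from BASE upwards, allowing SRC (a network) to reach DST
# (the protected host). Reads `rpcinfo -p` output on stdin. The rules
# are printed, not applied; rc.firewall would pipe them into sh.
rpc_rules() {
    base=$1
    src=$2
    dst=$3
    rpc_ports | awk -v n="$base" -v src="$src" -v dst="$dst" '
        {
            printf "ipfw add %d allow %s from %s to %s %s\n", n, $1, src, dst, $2
            n++
        }'
}

# Usage: generate the rule set for the sample registrations.
printf '%s\n' "$SAMPLE_RPCINFO" | rpc_rules 1000 10.0.0.0/24 10.0.0.5
```

Because `rpcinfo -p` is a snapshot, the generated rules go stale as soon as mountd, statd or lockd restarts and registers a different port, which is the flush-and-reload problem mentioned above; keeping these rules in their own number range (1000 upwards here) makes it easy to delete and regenerate only that range. With a default-deny policy, anything the portmapper advertises but that is not in the regenerated list simply stays blocked.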

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message