Re: rpc.statd attacks
From: Crist J. Clark (cristjc@earthlink.net)
Date: 07/22/01
- Next message: Hajimu UMEMOTO: "Re: bin/22595: telnetd tricked into using arbitrary peer ip"
- Previous message: Keith Stevenson: "Re: telnetd root exploit"
- In reply to: serkoon: "Re: rpc.statd attacks"
- Next in thread: serkoon: "Re: rpc.statd attacks"
- Reply: serkoon: "Re: rpc.statd attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 22 Jul 2001 11:07:55 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: serkoon <serkoon@thedarkside.nl>
On Sun, Jul 22, 2001 at 12:52:08PM +0200, serkoon wrote:
> > However, since I have port 111 blocked in the firewall,
> > how in the world is even an error message being generated?
> > I have even portscanned and 111 is not open to the outside.
>
> Firewall UDP:111 or kill portmapd (if you don't need it).
1) You do not allow traffic to 111/tcp OR 111/udp, do you?
2) Just because you block port 111 doesn't mean people cannot attack
rpc.statd. Blocking 111 just makes finding the ports that rpc.statd
is listening on a little harder, but not difficult.
Don't "block" port 111. Pass only traffic you want and expect, block
everything else by default.
-- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Hajimu UMEMOTO: "Re: bin/22595: telnetd tricked into using arbitrary peer ip"
- Previous message: Keith Stevenson: "Re: telnetd root exploit"
- In reply to: serkoon: "Re: rpc.statd attacks"
- Next in thread: serkoon: "Re: rpc.statd attacks"
- Reply: serkoon: "Re: rpc.statd attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
