Re: [PATCH] Force mountd(8) to a specified port.

From: Darren Reed (avalon_at_caligula.anu.edu.au)
Date: 03/03/04

    To: bms@spc.org (Bruce M Simpson)
    Date: Wed, 3 Mar 2004 10:24:25 +1100 (Australia/ACT)
    
    

    In some mail from Bruce M Simpson, sie said:
    > Hi all,
    >
    > I have a requirement to run NFS read-only in an Internet-facing colocation
    > environment. I am not happy with packet filters alone around rpcbind, call
    > me paranoid, so I just spent the last few minutes cutting this patch.
    >
    > As you are aware, RPC applications can be forced to listen on a known port
    > through the sin/sa argument to bindresvport[_sa](). Why several Linux
    > distributions have this feature yet none of the BSDs do is beyond me...
    >
    > Please let me know your thoughts. If there are no valid objections I plan
    > to commit it.

    I'm confused by your first paragraph...the primary purpose of a patch
    like this would be, I imagine, to support being able to write filter
    rules for your firewall with a specific port defined rather than have
    to determine it after rpcbind & mountd have started.

    Darren
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

