Re: Would a firewall prevent Sasser worm?

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 05/05/04

• Next message: ObiWan: "Re: IPSEC"
• Previous message: David W.E. Roberts: "Re: Self-issued certificates and commercial certificates."
• In reply to: Nigel Wade: "Re: Would a firewall prevent Sasser worm?"
• Next in thread: Bernd Felsche: "Re: Would a firewall prevent Sasser worm?"
• Reply: Bernd Felsche: "Re: Would a firewall prevent Sasser worm?"
• Reply: Nigel Wade: "Re: Would a firewall prevent Sasser worm?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 05 May 2004 14:16:07 GMT

On Wed, 05 May 2004 14:11:14 +0100, Nigel Wade spoketh

>
>There is no sun-rpc package in RH8 or RH9· Are you sure you've really
>installed them?
>
>If you actually meant the portmap package then that is only required by fam.
>Since fam is monitoring local filesystems there is no need to open port 111
>to anything other than the loopback interface. No vulnerability whatsoever.
>
>You should not equate Linux with Windows. Just because RPC on Windows is a
>security hole does not mean that RPC in Linux is also.

Cut from my /etc/services file on my RH8 box:

sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP

You were saying?

As for RPC being an issue on Linux, well, there may not be any known
issues at this time, but there has been in the past, and who knows
what's around the corner...

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

---

• Next message: ObiWan: "Re: IPSEC"
• Previous message: David W.E. Roberts: "Re: Self-issued certificates and commercial certificates."
• In reply to: Nigel Wade: "Re: Would a firewall prevent Sasser worm?"
• Next in thread: Bernd Felsche: "Re: Would a firewall prevent Sasser worm?"
• Reply: Bernd Felsche: "Re: Would a firewall prevent Sasser worm?"
• Reply: Nigel Wade: "Re: Would a firewall prevent Sasser worm?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Would a firewall prevent Sasser worm? ... >If you actually meant the portmap package then that is only required by fam. ... >You should not equate Linux with Windows. ... >security hole does not mean that RPC in Linux is also. ... (comp.security.firewalls) Re: Would a firewall prevent Sasser worm? ... >If you actually meant the portmap package then that is only required by fam. ... >You should not equate Linux with Windows. ... >security hole does not mean that RPC in Linux is also. ... (comp.security.misc) Linux boot hint needed ... We're gettting further in getting linux to run on our board. ... Looking up port of RPC 100003/2 on 172.22.33.87 ... RPC: sendmsg returned error 101 ... Unable to mount root fs via NFS, ... (comp.os.linux.embedded) Re: Connecting to internet via Linux ... > I've got a Linux box running SUSE 9.2Pro and I'd like to setup my RPC (ROS ... > The Linux box is set to forward IP requests and the RPC has its gateway set ... *definitely* want to configure your proxy to use your ISP's web proxy. ... (comp.sys.acorn.networking) Connecting to internet via Linux ... I've got a Linux box running SUSE 9.2Pro and I'd like to setup my RPC (ROS ... Network functions fine as RPC can access servers running on Linux box. ... (comp.sys.acorn.networking)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > alt.computer.security  > 2004-05