Date:      Sat, 4 Aug 2001 00:21:56 +0200
From:      Rémi Guyomarch <rguyom@pobox.com>
To:        freebsd-stable@FreeBSD.ORG
Subject:   Re: Bridge?
Message-ID:  <20010804002156.B51744@diabolic-cow.chatgris.net>
In-Reply-To: <3B6AAB5E.D42A8B28@home.com>; from tsikora@home.com on Fri, Aug 03, 2001 at 09:47:10AM -0400
References:  <3B69300A.3EC4C67E@home.com> <20010803113511.A49580@diabolic-cow.chatgris.net> <3B6AAB5E.D42A8B28@home.com>

On Fri, Aug 03, 2001 at 09:47:10AM -0400, Ted Sikora wrote:
> Rémi Guyomarch wrote:
> > 
> > On Thu, Aug 02, 2001 at 06:48:42AM -0400, Ted Sikora wrote:
> > > I have stable on both cable and dsl. The following message (rpc.statd:
> > > invalid hostname to sm_stat: ^X÷ÿ¿^X÷ÿ¿^)
> > > has been a mainstay in stable for some time. I have 2 nic cards in the
> > > machines. Do I need the 'options BRIDGE' in the kernel? I just set up a
> > > firewall and that did not eliminate the messages.
> > 
> > Someone is trying the Linux rpc.statd remote root exploit on your
> > machine. AFAIK it's harmless on your FreeBSD box.
> 
> How can I protect my Linux machines? The messages have appeared there
> occasionally too.

That's a baaaaaad sign. :-(
Check with your Linux vendor. They should be able to tell you if the
particular version you are running is vulnerable or not.
If it's vulnerable then reinstall those Linux boxes from scratch.

> > If you have implemented a firewall, be sure to use the "default-deny"
> > method (ie deny everything and only let pass the things you actually
> > use). I bet you don't want to provide NFS services to everyone on the
> > earth...
> > 
> That's what I did.
>  /kernel: IP packet filtering initialized, divert enabled, rule-based
> forwarding disabled, default to deny, logging limited to 100
> packets/entry by default

Check your firewall rules. I can't really help there since I always
used IPFilter (on OpenBSD) and not ipfw.

If you can't receive anything on the external NIC due to the
firewall rules and you still see the 'rpc.statd:' messages, then one
of your internal boxes is owned (maybe the Linux ones you mentioned
earlier).

If you don't use NFS, then don't run portmapper. Search for 'portmap'
in "/etc/rc.conf".

-- 
Rémi
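
A triage sketch for the two checks discussed in this thread, added here as an example and not part of any message in it: it counts the `rpc.statd: invalid hostname to sm_stat` log lines per logging host and tests whether an rc.conf-style file still enables portmap. The function names, the syslog field layout and the sample files are assumptions; `portmap_enable` is assumed to be the knob the "search for 'portmap'" advice would turn up.

```shell
#!/bin/sh
# Added example: hypothetical function names, constructed sample data.

# Count "invalid hostname to sm_stat" lines per logging host in a
# syslog-format file (fields: month day time host tag: message).
# Prints "host count" pairs, one per line, sorted by host.
statd_probe_counts() {
    LC_ALL=C awk '
        /rpc\.statd(\[[0-9]+\])?: invalid hostname to sm_stat/ { n[$4]++ }
        END { for (h in n) print h, n[h] }
    ' "$1" | LC_ALL=C sort
}

# Succeed (exit 0) if an uncommented line in an rc.conf-style file
# turns on a portmap knob (assumed form: portmap_enable="YES").
portmap_enabled() {
    LC_ALL=C grep -Eiq '^[[:space:]]*portmap[a-z_]*=["'\'']?yes' "$1"
}

# Constructed sample inputs (not taken from a real system). The request
# bytes are replaced by a placeholder; real lines carry non-printable data.
make_samples() {
    SAMPLE_DIR=$(mktemp -d) || return 1
    cat > "$SAMPLE_DIR/messages" <<'EOF'
Aug  2 06:40:11 bsd1 rpc.statd: invalid hostname to sm_stat: <non-printable bytes>
Aug  2 06:41:02 bsd1 /kernel: IP packet filtering initialized
Aug  2 09:13:45 linux1 rpc.statd[412]: invalid hostname to sm_stat: <non-printable bytes>
Aug  3 01:02:03 bsd1 rpc.statd: invalid hostname to sm_stat: <non-printable bytes>
EOF
    cat > "$SAMPLE_DIR/rc.conf" <<'EOF'
# portmap_enable="YES"
firewall_enable="YES"
portmap_enable="YES"
EOF
    cat > "$SAMPLE_DIR/rc.conf.off" <<'EOF'
firewall_enable="YES"
portmap_enable="NO"
EOF
}

# Demo run on the constructed samples.
make_samples && statd_probe_counts "$SAMPLE_DIR/messages"
portmap_enabled "$SAMPLE_DIR/rc.conf" && echo "portmap is enabled"
rm -rf "$SAMPLE_DIR"
```

The log line does not record where the request came from, so the per-host counts only show which machines are being reached; with the external interface blocked, continued hits point to a source on the inside.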

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010804002156.B51744>