Date:      Thu, 12 Oct 2000 12:47:28 -0700
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        Roman Shterenzon <roman@xpert.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: rpc.statd
Message-ID:  <20001012124728.B21767@149.211.6.64.reflexcom.com>
In-Reply-To: <Pine.LNX.4.10.10010120959030.24589-100000@jamus.xpert.com>; from roman@xpert.com on Thu, Oct 12, 2000 at 10:02:41AM +0200
References:  <20001012003222.N25121@149.211.6.64.reflexcom.com> <Pine.LNX.4.10.10010120959030.24589-100000@jamus.xpert.com>

On Thu, Oct 12, 2000 at 10:02:41AM +0200, Roman Shterenzon wrote:
> On Thu, 12 Oct 2000, Crist J . Clark wrote:
> 
> > > ..oh ..that's a strange hostname.
> > > 
> > > Which exploit is it that the attacker tries to use? I guess I'm not
> > > vulnerable cause I'm still around ;)
> > 
> > Most likely someone tried a Linux exploit on you,
> > 
> >   http://www.securityfocus.com/vdb/bottom.html?vid=1480
> > 
> > > Also, where can I find the ip of the attacker? Is it logged? 
> > 
> > Not 100% on this, but I think that is only logged if you used the '-d'
> > option. See rpc.statd(8).
> 
> Which makes me think...
> How does one protect rpc services rather than having default-deny policy on
> outer interface? And if it's the only interface?
> Of course it's possible to filter port 111 (or use /etc/hosts.allow), but
> the attacker can contact the rpc.statd directly.
> Is it possible to force some rpc service to some port so it can be
> filtered?

You have just explained why default-deny and only explicitly allowing
specific services is always the safest way.

That said, I don't have rpc.statd running anywhere right now, but
looking at a bunch of Solaris boxes with NFS exports, it seems to like
to move around a lot and I see no documented method on any system to
make it choose specific TCP and UDP ports.
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
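
An added example, not part of the original message: a check of portmapper registrations against a packet filter, showing why blocking only port 111 leaves rpc.statd (RPC program 100024, "status") reachable while default-deny does not. The `rpcinfo -p` output below is constructed sample data, and the function names are hypothetical.

```python
# Added example: audit constructed `rpcinfo -p` output against a port filter.
# Ports in the sample are made up; statd really does register as "status".
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1011  status
    100024    1   tcp   1022  status
    100005    1   udp   1023  mountd
    100003    2   udp   2049  nfs
"""

def parse_rpcinfo(text):
    """Return a list of (program, version, proto, port, service) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a registration row.
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        service = fields[4] if len(fields) > 4 else "-"
        entries.append((int(fields[0]), int(fields[1]), fields[2],
                        int(fields[3]), service))
    return entries

def reachable(entries, blocked):
    """Default-allow filter: everything not in the block list gets through."""
    return [e for e in entries if (e[2], e[3]) not in blocked]

def reachable_default_deny(entries, allowed):
    """Default-deny filter: only explicitly allowed (proto, port) pairs pass."""
    return [e for e in entries if (e[2], e[3]) in allowed]

if __name__ == "__main__":
    regs = parse_rpcinfo(SAMPLE_RPCINFO)
    only_111 = {("tcp", 111), ("udp", 111)}
    for prog, vers, proto, port, svc in reachable(regs, only_111):
        print(f"still reachable: {svc} (program {prog}) on {proto}/{port}")
    print("default-deny, nothing allowed:", reachable_default_deny(regs, set()))
```

On a live host, feed the function the real output of `rpcinfo -p`; because the ports can change when the service restarts, a block list built from one run goes stale, which is the case for default-deny made in the reply.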