
Re: [cobalt-security] [Raq3i] securely using rpc.statd and other rpc services



On Sat, 4 Nov 2000, Linking Internet - Peter Batenburg wrote:

<snip>

> #!/usr/bin/perl
> system("/sbin/ipchains -A input -p tcp -s 0/0 -d 0/0 111 -j REJECT");

<snip>

Rather depressingly, ipchains isn't installed by default on RaQs.  It can
be downloaded by doing a search for ipchains on freshmeat.net.

I can't really see any reason for running rpc.statd on a RaQ either, so I
would recommend just killing it off if you find it.  statd is a common
cause of break-ins to Linux boxes, because of exploits like statdx.c and
the various ones for Solaris.

As an aside, something I've done with my RaQ in the last few days is to use
ipchains to block all outgoing and incoming network connections, and then
enable only the stuff I need.

That being outgoing port 80, 21 and udp to port 53 (for dns), and incoming
port 80, 21, mysql, pop3 and smtp.  All icmp and igmp is blocked.  Makes
it a lot harder for users (or abusers) to mess around.

Gossi
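
The default-deny setup described in the message above, written out as an added example that is not part of the original post. The port numbers for mysql, pop3 and smtp, the open loopback interface, the forward-chain policy and the reply rules are assumptions, since the post only names the allowed services.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny ipchains ruleset for the
# ports named in the post. Prints the commands; set APPLY=1 to run them as root.
IPCHAINS=/sbin/ipchains         # path taken from the quoted script
IN_TCP="80 21 3306 110 25"      # assumed standard ports: http ftp mysql pop3 smtp
OUT_TCP="80 21"                 # outgoing http and ftp control

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

build_rules() {
    for chain in input output forward; do
        run "$IPCHAINS" -F "$chain"          # drop old rules
        run "$IPCHAINS" -P "$chain" DENY     # default deny; also covers icmp/igmp
    done
    # Assumption: local services talk over loopback, so leave it open.
    run "$IPCHAINS" -A input  -i lo -j ACCEPT
    run "$IPCHAINS" -A output -i lo -j ACCEPT

    # ipchains is stateless: each allowed direction needs a matching reply rule.
    # "! -y" matches TCP packets that are not connection-opening SYNs.
    for p in $IN_TCP; do
        run "$IPCHAINS" -A input  -p tcp -s 0/0 -d 0/0 "$p" -j ACCEPT
        run "$IPCHAINS" -A output -p tcp ! -y -s 0/0 "$p" -d 0/0 -j ACCEPT
    done
    for p in $OUT_TCP; do
        run "$IPCHAINS" -A output -p tcp -s 0/0 -d 0/0 "$p" -j ACCEPT
        run "$IPCHAINS" -A input  -p tcp ! -y -s 0/0 "$p" -d 0/0 -j ACCEPT
    done
    # DNS over UDP: replies can only be matched by source port 53.
    run "$IPCHAINS" -A output -p udp -s 0/0 -d 0/0 53 -j ACCEPT
    run "$IPCHAINS" -A input  -p udp -s 0/0 53 -d 0/0 -j ACCEPT
}

build_rules
```

The port list in the post contains no remote-login port, so apply this from the console rather than over a network session. FTP data connections (port 20 or passive high ports) are not covered by these rules and would need their own.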