[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] [Raq3i] securely using rpc.statd and otherrpc services
- Subject: Re: [cobalt-security] [Raq3i] securely using rpc.statd and otherrpc services
- From: Theodore Jones <theoj@xxxxxxxxxxxxx>
- Date: Sat, 04 Nov 2000 14:20:16 -0800
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Gossi,
Very cool suggestions. ipchains is not too difficult or dissruptive to a
RaQ3i's customized setup? Do you have to recompile the kernal or anything?
~ Theo
Gossi The Dog wrote:
> On Sat, 4 Nov 2000, Linking Internet - Peter Batenburg wrote:
>
> <snip>
>
> > #!/usr/bin/perl
> > system("/sbin/ipchains -A input -p tcp -s 0/0 -d 0/0 111 -j REJECT");
>
> <snip>
>
> Rather depressingly, ipchains isn't defautly installed on RaQ's. It can
> be downloaded by doing a search for ipchains on freshmeat.net.
>
> I can't really see any reason for running rpc.statd on a RaQ either, so I
> would recommend just killing it off if you find it. statd is a common
> cause of breakins to linux boxes, because of exploits like statdx.c and
> the various ones for solaris.
>
> As an aside, something I've done with my RaQ in the last few days is used
> ipchains to block all outgoing and incoming network connections, and then
> enabled only the stuff I need.
>
> That being outgoing port 80, 21 and udp to port 53 (for dns), and incoming
> port 80, 21, mysql, pop3 and smtp. All icmp and igmp is blocked. Makes
> it a lot harder for users (or abusers) to mess around.
>
> Gossi