From owner-freebsd-security  Sun Apr 22 10:36:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 3D51B37B423
	for <freebsd-security@FreeBSD.ORG>; Sun, 22 Apr 2001 10:36:21 -0700 (PDT)
	(envelope-from des@ofug.org)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id TAA54362;
	Sun, 22 Apr 2001 19:36:22 +0200 (CEST)
	(envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: =?iso-8859-1?q?P=E4r?= Thoren <t98pth@student.bth.se>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: rpc.statd attack
References: <Pine.GSO.4.21.0104202315040.27489-100000@helios>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 22 Apr 2001 19:36:21 +0200
In-Reply-To: <Pine.GSO.4.21.0104202315040.27489-100000@helios>
Message-ID: <xzpitjwkfai.fsf@flood.ping.uio.no>
Lines: 10
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

P=E4r Thoren <t98pth@student.bth.se> writes:
> Ok when I get portscanned...but these guys tries to exploit my ass.

Why is rpc.statd running?  If you really need it (for NFS on your LAN,
I presume), why isn't portmap or rpcbind firewalled off so only local
hosts can access it?

DES
--=20
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message