From owner-freebsd-security Sun Jul 22 14: 4:44 2001 Delivered-To: freebsd-security@freebsd.org Received: from thedarkside.nl (cc31301-a.assen1.dr.nl.home.com [213.51.66.128]) by hub.freebsd.org (Postfix) with ESMTP id 16A2137B405 for ; Sun, 22 Jul 2001 14:04:41 -0700 (PDT) (envelope-from serkoon@thedarkside.nl) Received: (from root@localhost) by thedarkside.nl (?/8.9.3) id f6ML4e725422 for freebsd-security@freebsd.org; Sun, 22 Jul 2001 23:04:40 +0200 (CEST) (envelope-from serkoon@thedarkside.nl) Received: from kilmarnock (kilmarnock [10.0.0.2]) by thedarkside.nl (?/8.9.3av) with SMTP id f6ML4aX25414 for ; Sun, 22 Jul 2001 23:04:36 +0200 (CEST) (envelope-from serkoon@thedarkside.nl) Message-ID: <002501c112f2$208d47c0$0200000a@kilmarnock> From: "serkoon" To: References: <002e01c1129c$5b0ef6b0$0200000a@kilmarnock> <20010722110755.B323@blossom.cjclark.org> Subject: Re: rpc.statd attacks Date: Sun, 22 Jul 2001 23:06:07 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Chris wrote: > Don't "block" port 111. Pass only traffic you want and expect, block > everything else by default. Yes, I should have made that more clear, but since I don't have it setup that way, at least for UDP, it didn't occur to me. One should use stateful filtering for this to work right. (Don't ever allow udp from any:53 to $yourip). With regards To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message