Date: Sun, 22 Jul 2001 23:06:07 +0200 From: "serkoon" <serkoon@thedarkside.nl> To: <freebsd-security@freebsd.org> Subject: Re: rpc.statd attacks Message-ID: <002501c112f2$208d47c0$0200000a@kilmarnock> References: <Pine.BSF.4.33.0107220020480.926-100000@jimslaptop.int> <002e01c1129c$5b0ef6b0$0200000a@kilmarnock> <20010722110755.B323@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Chris wrote: > Don't "block" port 111. Pass only traffic you want and expect, block > everything else by default. Yes, I should have made that more clear, but since I don't have it setup that way, at least for UDP, it didn't occur to me. One should use stateful filtering for this to work right. (Don't ever allow udp from any:53 to $yourip). With regards To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002501c112f2$208d47c0$0200000a>