Date: Fri, 03 Aug 2001 19:31:03 -0400
From: Ted Sikora <tsikora@home.com>
To: "freebsd-stable@FreeBSD.ORG" <freebsd-stable@FreeBSD.ORG>
Subject: Re: Bridge?
Message-ID: <3B6B3437.530CBC51@home.com>
References: <3B69300A.3EC4C67E@home.com> <20010803113511.A49580@diabolic-cow.chatgris.net> <3B6AAB5E.D42A8B28@home.com> <20010804002156.B51744@diabolic-cow.chatgris.net>

Rémi Guyomarch wrote:
>
> On Fri, Aug 03, 2001 at 09:47:10AM -0400, Ted Sikora wrote:
> > Rémi Guyomarch wrote:
> > >
> > > On Thu, Aug 02, 2001 at 06:48:42AM -0400, Ted Sikora wrote:
> > > > I have stable on both cable and dsl. The following message (rpc.statd:
> > > > invalid hostname to sm_stat: ^X÷ÿ¿^X÷ÿ¿^)
> > > > has been a mainstay in stable for some time. I have 2 nic cards in the
> > > > machines. Do I need the 'options BRIDGE' in the kernel? I just set up a
> > > > firewall and that did not eliminate the messages.
> > >
> > > Someone is trying the Linux rpc.statd remote root exploit on your
> > > machine. AFAIK it's harmless on your FreeBSD box.
> >
> > How can I protect my Linux machines? The messages have appeared there
> > occasionally too.
>
> That's a baaaaaad sign. :-(
> Check with your Linux vendor. They should be able to tell you if the
> particular version you are running is vulnerable or not.
> If it's vulnerable then reinstall those Linux boxes from scratch.
>
> > > If you have implemented a firewall, be sure to use the "default-deny"
> > > method (ie deny everything and only let pass the things you actually
> > > use). I bet you don't want to provide NFS services to everyone on the
> > > earth...
> > >
> > That's what I did.
> > /kernel: IP packet filtering initialized, divert enabled, rule-based
> > forwarding disabled, default to deny, logging limited to 100
> > packets/entry by default
>
> Check your firewall rules. I can't really help there since I always
> used IPFilter (on OpenBSD) and not ipfw.
>
> If you can't receive anything on the external NIC due to the
> firewall rules and you still see the 'rpc.statd:' messages, then one
> of your internal boxes is owned (maybe the Linux ones you mentioned
> earlier).
>
> If you don't use NFS, then don't run portmapper. Search for 'portmap'
> in "/etc/rc.conf".

I need NFS. I found a /root dir in /tmp? on a Slackware box. I reinstalled
it and am putting in a 'deny all' firewall as soon as I can.

--
Ted Sikora
admin@unixos2.org
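
Added example, not part of the original e-mail or of FreeBSD: a Python log check for the "rpc.statd: invalid hostname to sm_stat:" message discussed in the thread, combined with the reasoning that messages persisting behind a blocking firewall point to an internal sender. The syslog prefix layout, the sample lines, the host names and all function names are constructed assumptions.

```python
import re
from collections import Counter

# Message text as quoted in the thread; the syslog prefix layout is an assumption.
STATD_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s"
    r"rpc\.statd(?:\[\d+\])?:\s+invalid hostname to sm_stat:\s?(?P<arg>.*)$"
)
# Letters, digits, hyphens and dots only: the shape of a real hostname.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")

# The garbled name as it appears in the thread, written with escapes.
GARBLED = "^X\u00f7\u00ff\u00bf^X\u00f7\u00ff\u00bf^"

# Constructed sample lines; only the message format and GARBLED come from the thread.
SAMPLE_LOG = [
    f"Aug  2 06:41:10 gw rpc.statd: invalid hostname to sm_stat: {GARBLED}",
    f"Aug  2 06:41:12 gw rpc.statd[112]: invalid hostname to sm_stat: {GARBLED}",
    "Aug  2 07:02:55 gw rpc.statd: invalid hostname to sm_stat: oldnfs.example.org",
    "Aug  2 07:03:01 gw /kernel: IP packet filtering initialized",
    f"Aug  3 01:15:44 slack rpc.statd: invalid hostname to sm_stat: {GARBLED}",
]

def classify(arg):
    """'unresolved' for a well-formed name, 'malformed' for anything else."""
    return "unresolved" if HOSTNAME_RE.fullmatch(arg) else "malformed"

def scan(lines):
    """Count malformed sm_stat names per logging host."""
    hits = Counter()
    for line in lines:
        m = STATD_RE.match(line)
        if m and classify(m.group("arg")) == "malformed":
            hits[m.group("host")] += 1
    return dict(hits)

def assess(lines, external_rpc_blocked):
    """Apply the thread's reasoning to the scan result."""
    hits = scan(lines)
    if not hits:
        return "clean", hits
    # If the firewall already drops everything on the external NIC and the
    # messages continue, the sender is on the internal network.
    verdict = "internal-source" if external_rpc_blocked else "check-firewall-rules"
    return verdict, hits

if __name__ == "__main__":
    print(assess(SAMPLE_LOG, external_rpc_blocked=True))
```

A well-formed but unknown name is counted separately because it is more likely a stale NFS client entry than a probe.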