From owner-freebsd-security Thu Mar  8 10:35:04 2001
Date: Thu, 8 Mar 2001 10:35:00 -0800
From: Brooks Davis
To: "oldfart@gtonet"
Cc: security@FreeBSD.ORG
Subject: Re: strange messages
Message-ID: <20010308103500.C13090@Odin.AC.HMC.Edu>
References: <20010308100755.A13090@Odin.AC.HMC.Edu>
In-Reply-To: ; from oldfart@gtonet.net on Thu, Mar 08, 2001 at 10:28:07AM -0800

On Thu, Mar 08, 2001 at 10:28:07AM -0800, oldfart@gtonet wrote:
> Yeah, luckily, I run FreeBSD so I don't have to reboot much and most
> exploits are for Linux. }:-)> It's not bad(TM) to block all ports that you
> don't need open, anyway, and since I only NFS to my local LAN blocking it
> sounded right. I mainly wanted to see if that would stop the error messages
> in question. A more permanent solution can be implemented at a later date.
> Can those RPC services be FORCED to run on a certain port or is that just
> superfluous because portmapper is blocked? It would make
> filtering/logging/reporting/busting easier.

A close firewall configuration could work if implemented correctly, but
the ports RPC services bind to are the same ones your outbound TCP
connections are bound to so you'll need stateful firewalling to make it
work.

You can force NFS to use only its reserved port (see
/etc/defaults/rc.conf), but generally you can't dictate where RPC
services bind. Your best bet is to disable rpc.statd unless you are
actually using it.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4