Date: Thu, 08 Mar 2001 13:12:41 -0600
From: Christopher Schulte
To: Brooks Davis, "oldfart@gtonet"
Cc: security@FreeBSD.ORG
Subject: Re: strange messages

At 10:35 AM 3/8/2001 -0800, Brooks Davis wrote:
>but the ports RPC services bind to are the same ones your outbound
>TCP connections are bound to so you'll need stateful firewalling
>to make it work.

You can convince the kernel to use a more user-defined port range(s) for dynamic outbound connections with a few sysctl vars, thus making firewall confs a bit easier to craft and maintain:

`sysctl -a | grep portrange`

>You can force NFS to use only its reserved port
>(see /etc/defaults/rc.conf), but generally you can't dictate where RPC
>services bind. Your best bet is to disable rpc.statd unless you are
>actually using it.

It's always a good idea to turn a service off if you're not using it. ;p

>-- Brooks
>
>--
>Any statement of the form "X is the one, true Y" is FALSE.
>PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
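
Added example, not part of the original message: a sketch of how the portrange sysctl values discussed above can drive stateless ipfw rules, and how to check whether a listening RPC port falls inside the same dynamic range. The sysctl sample, the helper function names and the rule numbers are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Sample values and rule numbers are constructed.

# Constructed sample in the "name: value" form printed by `sysctl -a | grep portrange`.
sample_sysctl() {
cat <<'EOF'
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535
EOF
}

# portrange_get NAME: print the value of net.inet.ip.portrange.NAME from stdin.
portrange_get() {
    awk -F': *' -v key="net.inet.ip.portrange.$1" '$1 == key { print $2; exit }'
}

# dynamic_range: print "first-last" for the dynamic outbound range read from
# stdin; fail if either value is missing, non-numeric, or the range is inverted.
dynamic_range() {
    input=$(cat)
    first=$(printf '%s\n' "$input" | portrange_get first)
    last=$(printf '%s\n' "$input" | portrange_get last)
    case "$first" in ''|*[!0-9]*) return 1 ;; esac
    case "$last" in ''|*[!0-9]*) return 1 ;; esac
    [ "$first" -le "$last" ] || return 1
    printf '%s-%s\n' "$first" "$last"
}

# port_in_range PORT RANGE: succeed if PORT lies inside "first-last". A listening
# RPC service whose port lands here is covered by the same rules as reply traffic.
port_in_range() {
    [ "$1" -ge "${2%-*}" ] && [ "$1" -le "${2#*-}" ]
}

# emit_rules RANGE: print (not run) stateless ipfw rules that admit only TCP
# replies to the dynamic range and refuse new inbound connections to it.
emit_rules() {
    echo "ipfw add 1000 allow tcp from any to any $1 in established"
    echo "ipfw add 1010 deny tcp from any to any $1 in setup"
}

# On a FreeBSD host, replace sample_sysctl with: sysctl -a | grep portrange
range=$(sample_sysctl | dynamic_range) && emit_rules "$range"
```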