From owner-freebsd-security Sun Jul 22 17:18:01 2001
Delivered-To: freebsd-security@freebsd.org
Received: from w2xo.pgh.pa.us (18.gibs5.xdsl.nauticom.net [209.195.184.19])
	by hub.freebsd.org (Postfix) with ESMTP id EF1C737B403
	for ; Sun, 22 Jul 2001 17:17:57 -0700 (PDT)
	(envelope-from durham@w2xo.pgh.pa.us)
Received: from jimslaptop.int (jimslaptop.int [192.168.5.8])
	by w2xo.pgh.pa.us (8.11.3/8.11.3) with ESMTP id f6N0Plm29972;
	Sun, 22 Jul 2001 20:25:47 -0400 (EDT)
	(envelope-from durham@w2xo.pgh.pa.us)
Date: Sun, 22 Jul 2001 20:18:12 -0400 (EDT)
From: Jim Durham
X-X-Sender:
To: serkoon
Cc:
Subject: Re: rpc.statd attacks
In-Reply-To: <002501c112f2$208d47c0$0200000a@kilmarnock>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Sun, 22 Jul 2001, serkoon wrote:

> Chris wrote:
>
> > Don't "block" port 111. Pass only traffic you want and expect, block
> > everything else by default.
>
> Yes, I should have made that more clear, but since I don't have it set up
> that way, at least for UDP, it didn't occur to me. One should use
> stateful filtering for this to work right. (Don't ever allow udp from any:53
> to $yourip).
>
> With regards
>

I'm not allowing packets "in via outside_interface", either tcp or udp to
port 111. Obviously, if I blocked 111 internally, my NFS would quit!

I gather this is wrong. Would someone explain why?

-Jim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
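The three filtering approaches argued over in this thread ("block port 111", a default-deny ruleset with a stateless "allow udp from any 53" hole, and default-deny with stateful UDP) are easier to compare on a toy model than in prose. The Python below is an added example written for this page, not code from any of the posters or from FreeBSD; the addresses, the port rpc.statd is assumed to have registered with portmap, and the packet sequence are all constructed for the demo. It relies on one fact the thread leaves implicit: portmap on 111 is only a directory, and rpc.statd answers on its own, separately bound port, so a filter that drops only 111 still leaves statd reachable by anyone who guesses or scans for that port.

```python
from dataclasses import dataclass

# Constructed addresses and ports for the demo (assumptions, not from the thread).
MY_IP = "10.0.0.2"          # the host running portmap and rpc.statd, behind the filter
STATD_PORT = 1023           # assumed dynamic port rpc.statd registered with portmap
RESOLVER = "192.0.2.53"     # our DNS server
ATTACKER = "198.51.100.7"   # hostile source on the outside


@dataclass(frozen=True)
class Pkt:
    """One datagram as seen on the outside interface."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "in" or "out"


def block_111_only(pkt, state):
    """Stateless policy: drop inbound to the portmapper port, pass everything else.

    This is "block port 111" taken literally. portmap is only a directory;
    rpc.statd listens on its own port, which this policy never looks at.
    """
    if pkt.direction == "in" and pkt.dport == 111:
        return "drop"
    return "pass"


def default_deny_stateless_dns(pkt, state):
    """Default deny inbound, with a stateless "allow udp from any 53" exception.

    The exception is meant to let DNS replies back in, but without state the
    filter cannot tell a reply from a fresh packet that merely uses source
    port 53, which is exactly what serkoon's warning is about.
    """
    if pkt.direction == "out":
        return "pass"
    if pkt.proto == "udp" and pkt.sport == 53 and pkt.dst == MY_IP:
        return "pass"
    return "drop"


def default_deny_stateful(pkt, state):
    """Default deny inbound; outbound traffic creates state, only its replies return."""
    if pkt.direction == "out":
        state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "pass"
    # An inbound packet passes only if it is the mirror image of something we sent.
    reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
    return "pass" if reply_of in state else "drop"


def run(policy, packets):
    """Feed packets through one policy in order, sharing a single state table."""
    state = set()
    return [policy(p, state) for p in packets]


# Constructed traffic: a legitimate DNS exchange followed by three hostile probes.
TRAFFIC = [
    Pkt("udp", MY_IP, 40000, RESOLVER, 53, "out"),          # our DNS query
    Pkt("udp", RESOLVER, 53, MY_IP, 40000, "in"),           # the matching reply
    Pkt("udp", ATTACKER, 53, MY_IP, STATD_PORT, "in"),      # probe using source port 53
    Pkt("udp", ATTACKER, 3000, MY_IP, 111, "in"),           # probe to portmap
    Pkt("udp", ATTACKER, 3000, MY_IP, STATD_PORT, "in"),    # probe straight to statd
]

POLICIES = {
    "block_111_only": block_111_only,
    "default_deny_stateless_dns": default_deny_stateless_dns,
    "default_deny_stateful": default_deny_stateful,
}


def demo():
    """Return the verdict list of every policy over TRAFFIC, keyed by policy name."""
    return {name: run(pol, TRAFFIC) for name, pol in POLICIES.items()}


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:28s} {' '.join(verdicts)}")
```

Only the stateful default-deny policy drops all three probes while still letting the real DNS reply through; "block 111 only" lets both probes aimed at statd's own port in, and the stateless source-port-53 exception lets the first probe in. On FreeBSD the stateful form corresponds to `keep-state` plus `check-state` in ipfw, or `keep state` in pf, rather than a static allow on source port 53.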