From owner-freebsd-stable  Thu Jan 13  4: 9:43 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from tank.skynet.be (tank.skynet.be [195.238.2.35])
	by hub.freebsd.org (Postfix) with ESMTP id 10F3B155AB
	for <freebsd-stable@FreeBSD.ORG>; Thu, 13 Jan 2000 04:09:37 -0800 (PST)
	(envelope-from blk@skynet.be)
Received: from [195.238.1.121] (brad.techos.skynet.be [195.238.1.121])
	by tank.skynet.be (8.9.3/odie-relay-v1.0) with ESMTP id NAA13414;
	Thu, 13 Jan 2000 13:09:16 +0100 (MET)
Mime-Version: 1.0
X-Sender: blk@foxbert.skynet.be
Message-Id: <v0422080bb4a3701b5982@[195.238.1.121]>
In-Reply-To: <387DB3BB.8D85E624@sim.com.pl>
References: <387DB3BB.8D85E624@sim.com.pl>
Date: Thu, 13 Jan 2000 13:07:54 +0100
To: Gawel <gawel@sim.com.pl>,
	"freebsd-stable@FreeBSD.ORG" <freebsd-stable@FreeBSD.ORG>
From: Brad Knowles <blk@skynet.be>
Subject: Re: portmap
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 12:15 PM +0100 2000/1/13, Gawel wrote:

>  I 've got it several times:
>  portmap[16116]: connect from 195.31.252.2 to dump(): request from
>  unauthorized host.
>  It is harmless but annoying.
>  Is there any way to prevent portman listening requests on a NIC, ip,
>  etc. besides using hosts.allow?

	My understanding is that portmap uses UDP, which TCP-Wrappers 
doesn't protect.


	You can get an improved version of portmap that makes explicit 
use of wraplib (I'd suggest starting with Wietse Venema's version). 
I'd go to <ftp://ftp.porcupine.org/> and start from there.

	Or you can make use of kernel-level firewalling to prevent anyone 
from successfully getting packets through to a particular port on 
your machine, unless you want to let them through.  Look at "man 
ipfw" for starters.

-- 
   These are my opinions -- not to be taken as official Skynet policy
  ____________________________________________________________________
|o| Brad Knowles, <blk@skynet.be>            Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
|o| http://www.skynet.be                     Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
  Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
   Unix is very user-friendly.  It's just picky who its friends are.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message