From owner-freebsd-security Sun Jul 22 17:25:28 2001 Delivered-To: freebsd-security@freebsd.org Received: from w2xo.pgh.pa.us (18.gibs5.xdsl.nauticom.net [209.195.184.19]) by hub.freebsd.org (Postfix) with ESMTP id 92F2337B405 for ; Sun, 22 Jul 2001 17:25:19 -0700 (PDT) (envelope-from durham@w2xo.pgh.pa.us) Received: from jimslaptop.int (jimslaptop.int [192.168.5.8]) by w2xo.pgh.pa.us (8.11.3/8.11.3) with ESMTP id f6N0XAm29999; Sun, 22 Jul 2001 20:33:11 -0400 (EDT) (envelope-from durham@w2xo.pgh.pa.us) Date: Sun, 22 Jul 2001 20:25:32 -0400 (EDT) From: Jim Durham X-X-Sender: To: Peter Chiu Cc: serkoon , Subject: Re: rpc.statd attacks In-Reply-To: <11065209255.20010722201224@ipfw.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, 22 Jul 2001, Peter Chiu wrote: > Hello Jim, > > SYNOPSIS > portmap [-d] [-v] [-h bindip] > > You can just bind it to your internal IP. > > > Sunday, July 22, 2001, 8:07:38 PM, you wrote: > > > JD> On Sun, 22 Jul 2001, serkoon wrote: > > JD> I'm using NFS internally, so I need portmapd and 111 udp is > JD> blocked. That's what is bothering me.. > > -- OK, I was unaware of *that*, but it did remind me of something else... I *do* have portmap in my hosts.allow for LAN addresses only (I'm running natd with private addresses on the LAN, and all NFS stuff flows on those addresses). I'll also do what you suggested. -Jim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message