Date: Sun, 22 Jul 2001 20:18:12 -0400 (EDT)
From: Jim Durham <durham@w2xo.pgh.pa.us>
To: serkoon <serkoon@thedarkside.nl>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: rpc.statd attacks
Message-ID: <Pine.BSF.4.33.0107222016340.2632-100000@jimslaptop.int>
In-Reply-To: <002501c112f2$208d47c0$0200000a@kilmarnock>

On Sun, 22 Jul 2001, serkoon wrote:

> Chris wrote:
>
> > Don't "block" port 111. Pass only traffic you want and expect, block
> > everything else by default.
>
> Yes, I should have made that more clear, but since I don't have it setup
> that way, at least for UDP, it didn't occur to me. One should use
> stateful filtering for this to work right. (Don't ever allow udp from any:53
> to $yourip).
>
> With regards
>

I'm not allowing packets "in via outside_interface", either tcp or udp to
port 111. Obviously, if I blocked 111 internally, my NFS would quit!

I gather this is wrong. Would someone explain why?

-Jim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0107222016340.2632-100000>
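
The quoted advice above (default deny, stateful filtering for UDP, and no blanket "allow udp from any:53 to $yourip" rule) can be compared on sample traffic. This is an added example, not part of the thread and not ipfw syntax: it models only the filter decision, and the addresses, ports, packet list and 30-second state lifetime are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample packet: time (s), direction, source, source port,
# destination, destination port. All values are illustrative.
Packet = namedtuple("Packet", "t direction src sport dst dport")

MY_IP = "192.0.2.10"        # stands in for $yourip
RESOLVER = "198.51.100.53"  # upstream DNS server we actually query
OUTSIDER = "203.0.113.7"    # unrelated outside host
STATE_TTL = 30              # assumed state lifetime in seconds

def stateless_filter(packets):
    """Default deny inbound, plus the static rule
    'allow udp from any 53 to MY_IP' meant to admit DNS replies."""
    return [p.direction == "out" or (p.sport == 53 and p.dst == MY_IP)
            for p in packets]

def stateful_filter(packets, ttl=STATE_TTL):
    """Default deny inbound. Each outbound packet records a flow; an
    inbound packet passes only if it is the exact reverse of a recorded
    flow that has not expired. (Simplification: state is not refreshed
    by replies.)"""
    expires = {}
    verdicts = []
    for p in packets:
        if p.direction == "out":
            expires[(p.dst, p.dport, p.src, p.sport)] = p.t + ttl
            verdicts.append(True)
        else:
            key = (p.src, p.sport, p.dst, p.dport)
            verdicts.append(expires.get(key, -1) >= p.t)
    return verdicts

SAMPLE = [
    Packet(0, "out", MY_IP, 40000, RESOLVER, 53),   # our DNS query
    Packet(1, "in", RESOLVER, 53, MY_IP, 40000),    # the matching reply
    Packet(2, "in", OUTSIDER, 53, MY_IP, 111),      # unsolicited, source port 53
    Packet(3, "in", OUTSIDER, 1024, MY_IP, 111),    # unsolicited, other source port
    Packet(90, "in", RESOLVER, 53, MY_IP, 40000),   # "reply" long after state expired
]

if __name__ == "__main__":
    rows = zip(SAMPLE, stateless_filter(SAMPLE), stateful_filter(SAMPLE))
    for p, sl, sf in rows:
        print(f"t={p.t:>2} {p.src}:{p.sport} -> {p.dst}:{p.dport}  "
              f"stateless={'pass' if sl else 'deny'}  "
              f"stateful={'pass' if sf else 'deny'}")
```

The static source-port rule admits the third and fifth packets because it trusts a field the sender chooses; the stateful filter admits only the reply to a query the host itself sent.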