Date: Tue, 22 May 2007 09:38:29 -0700 From: "Jack Vogel" <jfvogel@gmail.com> To: "=?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?=" <des@des.no> Cc: Ian FREISLICH <ianf@clue.co.za>, freebsd-current@freebsd.org Subject: Re: em0 hijacking traffic to port 623 Message-ID: <2a41acea0705220938p20b998bfg86a6feba9abc9862@mail.gmail.com> In-Reply-To: <86zm3xmeyy.fsf@dwp.des.no> References: <E1HqMm7-0000V4-AL@clue.co.za> <86zm3xmeyy.fsf@dwp.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/22/07, Dag-Erling Sm=F8rgrav <des@des.no> wrote: > Ian FREISLICH <ianf@clue.co.za> writes: > > No, it's a March 6 current. How safe is it to just update the > > sys/dev/em directory and recompile? Quite a lot has changed in > > CURRENT since then and I don't want to update everything on these > > servers just yet. > > Quick workaround: configure inetd to listen to port 623 so rpcbind > won't assign these ports to the NFS server. Something like this: > > asf-rmcp dgram udp nowait root /bin/false false > asf-rmcp stream tcp nowait root /bin/false false You dont have to do anything this crude btw, there is an setting in rc.conf I believe to control the range, I'm rusty on the details right now, I discovered this while working this same issue with Yahoo, but its been 6 months or more since. Jack
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2a41acea0705220938p20b998bfg86a6feba9abc9862>