IPChains/Tables. All these services run on certain ports that they use
even internally to the machine. Unless you're building a hardened firewall
box (where you shouldn't be running RPC or X11 anyway) you should just
either A) [preferable] have these systems behind a hardened firewall box,
or B) install appropriate IPChains/Tables rules to block external access to
those services.
At 04:10 PM 5/24/2001 +0900, Curt Howland wrote:
>ok, with all this talking about rpc security holes, even though i've
>port-scanned and edited my initd.conf file, and pruned out everything i can
>think of to prune, the following still shows up in netstat -a:
>
>tcp 0 0 *:sunrpc *:* LISTEN
>udp 0 0 *:1171 *:*
>udp 0 0 bogus.bogus.com:domain *:*
>udp 0 0 localhost:domain *:*
>udp 0 0 *:sunrpc *:*
>raw 0 0 *:icmp *:* 7
>raw 0 0 *:tcp *:* 7
>
>the last two i understand, as well as domain, but sunrpc and 1171?
>
>i've cleaned up everything i can think of, but X11R6 says it still needs the
>RPC packages.
>
>any suggestions?
>
>Curt-
>
>
>--
>To UNSUBSCRIBE, email to [EMAIL PROTECTED]
>with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
--
Eric N. Valor
Webmeister/Inetservices
Lutris Technologies
[EMAIL PROTECTED]
- This Space Intentionally Left Blank -
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
