[CentOS] CentOS-announce Digest, Vol 137, Issue 1
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. CEEA-2016:1375 CentOS 7 qla2xxx Enhancement Update (Johnny Hughes)
--
Message: 1
Date: Thu, 30 Jun 2016 17:45:38 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEEA-2016:1375 CentOS 7 qla2xxx Enhancement
Update
Message-ID: <20160630174538.ga46...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Enhancement Advisory 2016:1375
Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-1375.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
08a6bc752e27c15e9416e7e517f3d8196230222a0b48500feabb503a51526233
kmod-qla2xxx-8.07.00.33.07.3_k-1.el7_2.x86_64.rpm
Source:
8c3640fe32a123a6f1630d3f3be4007be5c3a3bcbac94a6ea37c5ff21b921456
qla2xxx-8.07.00.33.07.3_k-1.el7_2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS
--
___
CentOS-announce mailing list
centos-annou...@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
End of CentOS-announce Digest, Vol 137, Issue 1
***
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing RPC
You need to setup a firewall (either a separate hardware box or iptables on this server) that allows only those IPs you need to connect to those ports. You should never expose a service like this to the entire Internet. ~ Brian Mathis @orev On Fri, Jul 1, 2016 at 8:38 AM, Leon Vergottini wrote: > Dear Community > > I hope you are all doing well. > > Recently I have been receiving several complaints from our service > provider. Please see the complaint below: > > A public-facing device on your network, running on IP address > XXX.XXX.XXX.XXX, operates a RPC port mapping service responding on UDP port > 111 and participated in a large-scale attack against a customer of ours, > generating responses to spoofed requests that claimed to be from the attack > target. > > Please consider reconfiguring this server in one or more of these ways: > > 1. Adding a firewall rule to block all access to this host's UDP port 111 > at your network edge (it would continue to be available on TCP port 111 in > this case). > 2. Adding firewall rules to allow connections to this service (on UDP port > 111) from authorized endpoints but block connections from all other hosts. > 3. Disabling the port mapping service entirely (if it is not needed). > > > > Unfortunately, I cannot disable NFS which lies at the root of this > problem. In addition, I am struggling to find a proper tutorial of moving > NFS from udp over to tcp. > > May I kindly ask you to point me in a direction or provide me with ideas on > how to nail this thing in the > > Kind Regards > Leon > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
