Re: rpc.statd

To: debian-security@lists.debian.org
Subject: Re: rpc.statd
From: Paul Visscher <paulv@cinternet.net>
Date: Sun, 8 Apr 2001 19:10:31 -0400
Message-id: <20010408191031.A31203@cinternet.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20010408144752.T4971@plato.local.lan>; from erbenson@alaska.net on Sun, Apr 08, 2001 at 02:47:52PM -0800
References: <MGEDJOMNEECFEHABEGMFCEOMCKAA.rbartels@qx.net> <20010408154620.48dd8024.vulture@aoi.dyndns.org> <20010409001850.A10372@cistron.nl> <20010409002306.I616@localhost> <20010408144752.T4971@plato.local.lan>

Ethan Benson [erbenson@alaska.net] said:
> easier said then done, statd allocates a random (usually privileged)
> port and registers it with the portmapper.  blocking it with ipchains
> is a pain.  about the only way you can do it is to use a script that
> parses the output of rpcinfo -p localhost to find statd's current port
> and make a rule for it.  that of course breaks as soon as nfs-common
> gets restarted.

I do this and I add a line to /etc/init.d/nfs-common so that when
nfs-common is started, it executes the script. It's far from perfect,
but it seems to work better than nothing.

--paulv

Attachment: pgpMdUMAULhgX.pgp
Description: PGP signature

Reply to:

References:
- rpc.statd
  - From: "Robert Bartels" <rbartels@qx.net>
- Re: rpc.statd
  - From: Alexander Hvostov <vulture@aoi.dyndns.org>
- Re: rpc.statd
  - From: "Sander Smeenk \(CistroN Medewerker\)" <ssmeenk@cistron.nl>
- Re: rpc.statd
  - From: andrea@debian.org
- Re: rpc.statd
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: rpc.statd
Next by Date: Droping untracked packet
Previous by thread: Re: rpc.statd
Next by thread: Re: rpc.statd
Index(es):
- Date
- Thread