Re: [Fwd: rpc.statd hacking but firewalled]

To: debian-firewall@lists.debian.org
Subject: Re: [Fwd: rpc.statd hacking but firewalled]
From: Michael Wood <wood@kingsley.co.za>
Date: Mon, 12 Mar 2001 10:52:50 +0200
Message-id: <20010312105250.H13244@lion.kingsley.co.za>
In-reply-to: <3AAC4D47.31F25CBA@microlink.net>; from hanasaki@microlink.net on Sun, Mar 11, 2001 at 10:15:03PM -0600
References: <3AAC4D47.31F25CBA@microlink.net>

Hi

On Sun, Mar 11, 2001 at 10:15:03PM -0600, hanasaki wrote:
> 
> The following showed up in my syslog the other day.... Is this
> possbile hacking?

Yes.

> What port is rpc.statd on?

It's an RPC service, so it is not guaranteed to be listening on
the same port every time.  The portmapper tells people where to
find it.  You can use lsof to find what port it's listening on.

> What does it do?
> What will break if it is turned off? and how to turn it off?
> Only a few, selected ports, are listened on.  The last rule in
> my firewall script is ipchains -l -A input -i eth0 -j DENY.
[snip]

rpc.statd is used for NFS.  If you're not using NFS, uninstall
it.  Also, disable portmap.

-- 
Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies

Reply to:

References:
- [Fwd: rpc.statd hacking but firewalled]
  - From: hanasaki <hanasaki@microlink.net>

Prev by Date: Re: SNAT vs Forwarding
Next by Date: Re: [Fwd: rpc.statd hacking but firewalled]
Previous by thread: [Fwd: rpc.statd hacking but firewalled]
Next by thread: Re: [Fwd: rpc.statd hacking but firewalled]
Index(es):
- Date
- Thread