Re: Portmap daemon removal
On Mon, 29 Nov 1999, Bryan Scaringe wrote:
bryan. >use a given service, one should remove it. However, I am not sure
bryan. >about how or if I should remove portmap. Doing an "rpcinfo -p"
bryan. >gives:
From what I've seen, portmapper is only needed for RPC services such as NFS
and mountd, both of which have a history of security problems. In slink,
to disable it I recommend renaming /sbin/portmap to something else, as the
netbase script tries to start it, but netbase loads other things as well,
so it's not (as) good an idea to remove the script. Or, firewall the port
(111, I believe).
bryan. >Should I:
bryan. >1) Rename all the /etc/rcX.d/S18portmap files to K18portmap to stop
bryan. > portmapper from ever running?
If you've got slink, this may not be enough. On my machines
/etc/init.d/netbase_real calls portmap as well. On potato I don't think it
does, but I haven't tried potato yet.
bryan. >2) Set up IPchains and /etc/hosts.allow(deny) to refuse all external
bryan. > attempts to access the portmap daemon, but leave it running?
If you're not planning on using it, shut it down. There are ways around
firewalls (I remember reading about some hole in the ipchains firewall in an
early 2.2.x kernel, I think) and of course ways around tcp_wrappers
too.. but both are for sure better than nothing.
bryan. >to cooperate with some cracker's scans.
One of my machines (slackware3.2) was cracked last year.. got in thru
portmapper.. or nfs.. or mountd, I forgot which.. no damage done though, they
just made a few accounts, eventually caught 'em and locked them out. A few
weeks later our sister ISP got hacked (slackware too) and rm -rf /'d.. a
few days/week after that a guy was arrested for it. Since then my learning
curve for security on *nix systems is going way up :)
nate
----------------------------------------[mailto:aphro@aphroland.org ]--
Vice President Network Operations http://www.firetrail.com/
Firetrail Internet Services Limited http://www.aphroland.org/
Everett, WA 425-348-7336 http://www.linuxpowered.net/
Powered By: http://comedy.aphroland.org/
Debian 2.1 Linux 2.0.36 SMP http://yahoo.aphroland.org/
-----------------------------------------[mailto:aphro@netquest.net ]--
9:54pm up 102 days, 9:34, 1 user, load average: 1.91, 1.59, 1.54
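
As an added example (not part of either poster's message): a shell check that parses `rpcinfo -p` output, the command mentioned in the quoted question, and lists every registered RPC program other than the portmapper itself (program number 100000), so you can see whether NFS, mountd or anything else still depends on portmap before disabling it. The sample outputs are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output: only the portmapper is registered.
SAMPLE_IDLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper'

# Constructed sample: NFS and mountd are registered as well.
SAMPLE_NFS='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100005    1   udp    635  mountd
    100005    1   tcp    637  mountd'

# rpc_dependents: read `rpcinfo -p` output on stdin and print one
# "program-number name" line per registered RPC program other than
# the portmapper itself (program 100000).
rpc_dependents() {
    awk '
        $1 !~ /^[0-9]+$/ { next }   # skip the header and any non-data line
        $1 == 100000     { next }   # the portmapper registering itself
        !seen[$1]++      { print $1, ($5 == "" ? "unknown" : $5) }
    '
}

# portmap_needed: exit status 0 if some RPC service still depends on portmap.
portmap_needed() {
    [ -n "$(rpc_dependents)" ]
}

# report: human-readable summary of the same check.
report() {
    deps=$(rpc_dependents)
    if [ -n "$deps" ]; then
        echo "portmap still in use by:"
        echo "$deps" | sed 's/^/  /'
    else
        echo "only the portmapper is registered; nothing depends on it"
    fi
}

# On a live host: rpcinfo -p | report
printf '%s\n' "$SAMPLE_IDLE" | report
printf '%s\n' "$SAMPLE_NFS"  | report
```
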