Ralph Crongeyer wrote:
Jochen Schulz <ml@well-adjusted.de> wrote:Realos:Mike McCarty wanted us to know:http://www.securityfocus.com/brief/38?ref=rssI have rpc.statd and portmap running on my system. Are they vulnerable to this security hole/worm? As I do not use nfs on my debian server, doesn't it make sense to disable both portmap and rpc.statd on my system?If you don't need them, remove them. Or at least block access to them with the help of iptables. J. -- I cannot comprehend the idea of chemical and biological weapons. [Agree] [Disagree] <http://www.slowlydownward.com/NODATA/data_enter2.html>I like Firehol firewall. It's easy to set up and use. It works great for my home server.
I asked specifically in the firehol newsgroup how Firehol protects against this worm and got this:
firehol doesent (to my knowledge) have any statements to block this worm.. my guess is that they stated that it could be blocked with firehol, and if that is the case, you have to figure out something the worm uses, ports or something, and block it with firehol.
So unless you know specifically *how* the worm operates, Firehol will *not* protect unless you set it up to do so.
Has anybody done this with Firehol? I guess not. H