[lug] Interesting Crash Report
Glenn Murray
gmurray at Mines.EDU
Wed Mar 21 09:21:31 MST 2001
Nothing like a good security discussion to bring on that
early morning paranoia: when I run "lsof -i" I get
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 109 root 3u IPv4 58 UDP *:sunrpc
portmap 109 root 4u IPv4 59 TCP *:sunrpc (LISTEN)
rpc.statd 180 root 0u IPv4 103 UDP *:781
rpc.statd 180 root 1u IPv4 106 TCP *:783 (LISTEN)
but my ipchains rules do not accept input packets on ports 111, 781 or 783.
1. Am I safe from attacks on those ports? (If not, then I've really
missed the point about ipchains!)
2. I know of no reason for another computer to call sunrpc or any
other kind of rpc on my box---is there any harm in turning these
daemons off in /etc/rc* ? (I would think there would be no harm,
but paranoia makes me ask.)
Thanks,
Glenn Murray
www.mines.edu/~glenn/public_html/Welcome.html
On Tue, 20 Mar 2001, Scott A. Herod wrote:
> Also, as root, check the result of "lsof -i". Suspicious
> things are sshd's running on numerical ports, esp. anything higher
> than 1024.
More information about the LUG
mailing list