IPChains/Tables. All these services run on certain ports that they use even internally to the machine. Unless you're building a hardened firewall box (where you shouldn't be running RPC or X11 anyway) you should just either A) [preferable] have these systems behind a hardened firewall box, or B) install appropriate IPChains/Tables rules to block external access to those services.
At 04:10 PM 5/24/2001 +0900, Curt Howland wrote:
ok, with all this talking about rpc security holes, even though i've port-scanned and edited my initd.conf file, and pruned out everything i can think of to prune, the following still shows up in netstat -a: tcp 0 0 *:sunrpc *:* LISTEN udp 0 0 *:1171 *:* udp 0 0 bogus.bogus.com:domain *:* udp 0 0 localhost:domain *:* udp 0 0 *:sunrpc *:* raw 0 0 *:icmp *:* 7 raw 0 0 *:tcp *:* 7 the last two i understand, as well as domain, but sunrpc and 1171? i've cleaned up everything i can think of, but X11R6 says it still needs the RPC packages. any suggestions? Curt- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
-- Eric N. Valor Webmeister/Inetservices Lutris Technologies [EMAIL PROTECTED] - This Space Intentionally Left Blank -
