On 15 Aug 2001 10:22:35 -0700, Craig Dickson wrote:
> Michael Heldebrant wrote:
>
> > Protect your portmapper with /etc/hosts.deny and /etc/hosts.allow and
> > you won't get these buffer overflow attacks squatting in your syslogs
> > anymore. I only allow 127.0.0.1 and my internal networks to touch the
> > portmapper. Everyone else no access, stopped me from getting those
> > attacks.
>
> My solution was simply to uninstall portmap. I couldn't figure out what
> I could possibly need it for. I haven't observed any problems resulting
> from this.
>
> My standard theory is that if I see that my machine is listening on a
> port, I figure out why, and if I can't figure out why I should want it
> to do that, I get rid of the service or disable its listening feature.
> If I only want it for my own use, I block that port at my firewall _and_
> configure the service to accept only in-house IPs (_not_ including the
> firewall) or 127.0.0.1 as appropriate.
>
I use nfs on my internal network and wanted to block outside access so
portmap worked great for me once I protected it. Your way is just as
valid if you don't need it.

--mike
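
Added example, not part of either poster's message: a small evaluator for the /etc/hosts.allow and /etc/hosts.deny lookup order discussed above, to show why the allow entries need a matching deny rule for portmap. The rules, the 192.168.1.0 internal network, the 203.0.113.9 outside address and the function names are assumptions made for the illustration, and only a subset of the hosts_access(5) pattern syntax is handled.

```python
import ipaddress

# Constructed sample rules; 192.168.1.0/255.255.255.0 stands in for
# "my internal networks" and is an assumption, not a value from the thread.
HOSTS_ALLOW = "# /etc/hosts.allow\nportmap: 127.0.0.1 192.168.1.0/255.255.255.0\n"
HOSTS_DENY = "# /etc/hosts.deny\nportmap: ALL\n"

def parse(text):
    """Return [(daemon_list, client_list)] for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    """Subset of hosts_access(5) client patterns: ALL, 'a.b.', net/mask, exact IP."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # address prefix such as "192.168."
        return addr.startswith(pattern)
    if "/" in pattern:                 # n.n.n.n/m.m.m.m
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr

def rule_hit(rules, daemon, addr):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, addr) for p in clients)
        for daemons, clients in rules
    )

def access(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Lookup order: a hosts.allow match grants, else a hosts.deny match
    refuses, else access is granted by default."""
    if rule_hit(parse(allow), daemon, addr):
        return "allow"
    if rule_hit(parse(deny), daemon, addr):
        return "deny"
    return "allow"

if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.168.1.20", "203.0.113.9"):
        print(ip, access("portmap", ip))
    # With an empty hosts.deny the outside address falls through to the default.
    print("203.0.113.9 (no deny rule)", access("portmap", "203.0.113.9", deny=""))
```

The last call shows the failure mode: listing trusted addresses in hosts.allow alone restricts nothing, because an address that matches neither file is granted access.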