[NCLUG] I was hacked!
dobbster
dobbster at frii.com
Fri Dec 29 16:16:58 MST 2000
> Portmapper is only used by NFS, *I THINK*. I'm not sure if rsync uses it
> or not. Its used by the sun RPC services, at least. If you aren't using
> it, I'd turn it off. The trouble is figuring out if you use it. I'm not
> sure how to do that. :) I've never missed it, but it is always turned on
> when I install a machine. rpc.statd was also recently compromised... Make
> sure that isn't running, or is patched.
> You can also set up ipchains to block those ports... That's a solution for
> ports that cannot be protected with tcp wrappers. Oh, and it always helps
> to have a friend with nmap (www.insecure.org) test your firewall configs.
Righto - I am not running NFS or NIS, so I killed portmapper. I also
confirmed that rsync doesn't use it, and I'm not using any other RPC
services... I checked things out with nmap (forgot about that) and
things are hopefully pretty sturdy.
Thanks again for all of the advice!
Mark (dobbster at frii.com)
More information about the NCLUG
mailing list