Firewall Wizards mailing list archives

Re: PIXen spewing udp packets at port 111?!


From: "Charles W. Swiger" <chuck () codefab com>
Date: Tue, 7 Jan 2003 17:05:08 -0500

On Tuesday, January 7, 2003, at 02:30  PM, R. DuFresne wrote:
My understanding, and it's a tad dated, and might be outdated, is that
it's near to impossible <hoop jumping and kernel hacks if I recall> to
tune out RPC on Solaris, which is better trained via filtering and such.
Is this still a valid understanding, or dated?  Solaris 6 and 7 at present,
with considerations of Solaris 9 in some future context.

Something close to the following will disable portmapper and the various services that depend on RPC under Solaris 2.6, 7-9:

####
# disabling Solaris services

mv /etc/rc2.d/S71rpc /etc/rc2.d/s71rpc
mv /etc/rc2.d/S73nfs.client /etc/rc2.d/s73nfs.client
mv /etc/rc2.d/S74autofs /etc/rc2.d/s74autofs
mv /etc/rc2.d/S74xntpd /etc/rc2.d/s74xntpd
mv /etc/rc2.d/S80lp /etc/rc2.d/s80lp
mv /etc/rc2.d/S80spc /etc/rc2.d/s80spc
mv /etc/rc2.d/S85power /etc/rc2.d/s85power
mv /etc/rc2.d/S90wbem /etc/rc2.d/s90wbem
mv /etc/rc2.d/S99dtlogin /etc/rc2.d/s99dtlogin

mv /etc/rc3.d/S15nfs.server /etc/rc3.d/s15nfs.server
mv /etc/rc3.d/S34dhcp /etc/rc3.d/s34dhcp
#mv /etc/rc3.d/S50apache /etc/rc3.d/s50apache
mv /etc/rc3.d/S76snmpdx /etc/rc3.d/s76snmpdx
mv /etc/rc3.d/S77dmi /etc/rc3.d/s77dmi
mv /etc/rc3.d/S80mipagent /etc/rc3.d/s80mipagent
touch /etc/notrouter

# also turn off every service listed in /etc/inetd.conf
# Edit /etc/default/inetinit and enable RFC-1948 sequence numbers

This won't remove programs like rpcinfo which can perform RPC lookups, nor would I disagree with your suggestion (implication?) that packet filtering port 111 using a firewall remains a good idea.

-Chuck

       Chuck Swiger | chuck () codefab com | All your packets are belong to us.
       -------------+-------------------+-----------------------------------
       "The human race's favorite method for being in control of the facts
        is to ignore them."  -Celia Green

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
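
An audit of the steps in the message above, added here as an example and not part of the original post: it reports which of the listed rc scripts still carry a capital "S" name, which inetd.conf entries are still active, and whether /etc/notrouter and RFC 1948 sequence numbers (TCP_STRONG_ISS=2 in /etc/default/inetinit) are in place. The ROOT argument, the function names and the sample tree are assumptions of this sketch; it expects a POSIX shell (ksh rather than the legacy /bin/sh), and ROOT lets it run against a copy of /etc.

```sh
#!/bin/sh
# Added example: audits the hardening steps listed in the post above.
# The ROOT argument is an assumption of this sketch, so checks can run on a copy of /etc.

RC_LIST="rc2.d/S71rpc rc2.d/S73nfs.client rc2.d/S74autofs rc2.d/S74xntpd rc2.d/S80lp
rc2.d/S80spc rc2.d/S85power rc2.d/S90wbem rc2.d/S99dtlogin rc3.d/S15nfs.server
rc3.d/S34dhcp rc3.d/S76snmpdx rc3.d/S77dmi rc3.d/S80mipagent"

# rc only runs start scripts whose name begins with a capital "S";
# print every script from the list that still exists under that name.
enabled_rc_scripts() {
    for s in $RC_LIST; do
        if [ -e "$1/etc/$s" ]; then echo "/etc/$s"; fi
    done
}

# Print the service name of every inetd.conf line that is neither blank nor a comment.
active_inetd_services() {
    [ -f "$1/etc/inetd.conf" ] || return 0
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1/etc/inetd.conf"
}

# TCP_STRONG_ISS=2 in /etc/default/inetinit selects RFC 1948 initial sequence numbers.
strong_iss_enabled() {
    grep '^TCP_STRONG_ISS=2$' "$1/etc/default/inetinit" >/dev/null 2>&1
}

# Run all checks against ROOT; print each finding and return 1 if any step was missed.
audit() {
    fail=0
    for f in $(enabled_rc_scripts "$1"); do echo "rc script still enabled: $f"; fail=1; done
    for f in $(active_inetd_services "$1"); do echo "inetd service still on: $f"; fail=1; done
    [ -f "$1/etc/notrouter" ] || { echo "missing /etc/notrouter"; fail=1; }
    strong_iss_enabled "$1" || { echo "RFC 1948 sequence numbers not enabled"; fail=1; }
    return $fail
}

# Constructed sample tree (not a real host): S71rpc and one inetd service left on.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc/rc2.d" "$t/etc/rc3.d" "$t/etc/default" || return 1
    touch "$t/etc/rc2.d/S71rpc" "$t/etc/rc2.d/s73nfs.client" "$t/etc/notrouter"
    printf '#ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd\n\ntelnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd\n' > "$t/etc/inetd.conf"
    echo 'TCP_STRONG_ISS=1' > "$t/etc/default/inetinit"
    echo "$t"
}

demo=$(make_sample_tree)
audit "$demo" || echo "sample tree fails the audit, as constructed"
rm -rf "$demo"
```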

