Security Incidents mailing list archives
Re: Lots of rpc.statd probes lately
From: Justin Shore <macdaddy () NEO PITTSTATE EDU>
Date: Thu, 1 Mar 2001 14:53:58 -0600
On 3/1/01 1:18 PM James Paterson said...
I would suggest quite the opposite, I am sure that the number of exploitable boxes being added every minute by far exceeds those that are properly secured, and the number of machines being connected to the net is not going down. Which is why we have to spread the word and educate people about securing their systems, before the Internet melts through heat death caused by SK's using nmap ;).
Along these same lines, I have what I feel is a slightly better plan. Educate the vendors to not turn on all the services they enable by default. What does the average user need portmap for? What does the average user need rsh or rlogin for? daytime, discard, chargen? Stop the madness! Turn off those services by default and the world will be a much safer place. If a user actually needs one of those services, they will probably have enough knowledge to use them properly, not always but the odds are greater that they will.

Also don't advertise what OS or version you're running in every possible banner. We don't need to advertise to the world that this is a Redhat 5.2 box running 2.0.34 on a 486, do we?

Picture in your mind a full portscan of an Irix or AIX box. Now tell me, do we really need to enable every single service known to mankind? SNMP, echo, Appletalk Routing?! I hope not.

The uneducated users are a symptom. The vendors are the problem. Get the vendors to change their ways about what they enable by default and then worry about educating the uneducated that still have those services enabled.

Fellow NetAdmins can help the problem a bit. Do we really need to allow port 111 in and out of our network? Probably not. What about SNMP? Maybe if you're a colo, but again probably not. How about ports 1-19? Most likely you don't need them either. 135-139? Doubtful. You should shield your Windows machines from receiving traffic from the 'Net on these ports. Simple little things like that can easily thwart many kiddie attacks.

My $.02,
Justin

--
Justin Shore, ES Pittsburg State University
Network & Systems Manager Kelce 157Q
Office of Information Systems Pittsburg, KS 66762
Voice: (620) 235-4606 Fax: (620) 235-4545
http://www.pittstate.edu/ois/

Warning: This message has been quadruple Rot13'ed for your protection.
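An added example, not part of the original post: a small audit that reads `ss -tuln` output and reports listeners on the services and port ranges the message names, separating network-reachable sockets from loopback-only ones. The sample output is constructed, the function names are hypothetical, and the port numbers for services the post gives only by name (SNMP, rsh, rlogin) are assumed to be the standard assignments.

```python
# Added example. SAMPLE is constructed `ss -tuln` output, not data from the post.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      64     [::]:513           [::]:*
tcp   LISTEN 0      5      0.0.0.0:13         0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:161      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:514        0.0.0.0:*
"""

# (protocols, first port, last port, label). Ranges 1-19, 111 and 135-139 come
# from the post; 161-162/udp and 513-514/tcp are the assumed standard ports
# for the services it names (SNMP, rlogin, rsh).
FLAGGED = [
    ({"tcp", "udp"}, 1, 19, "small services (echo, discard, daytime, chargen)"),
    ({"tcp", "udp"}, 111, 111, "portmap"),
    ({"tcp", "udp"}, 135, 139, "Windows RPC/NetBIOS"),
    ({"udp"}, 161, 162, "SNMP"),
    ({"tcp"}, 513, 514, "rlogin/rsh"),  # tcp only: 514/udp is syslog
]

def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1, including '[::1]' and '127.0.0.1%lo' forms."""
    addr = addr.split("%")[0].strip("[]")
    return addr.startswith("127.") or addr == "::1"

def audit(ss_output):
    """Return (proto, addr, port, label, exposed) for each flagged listener."""
    findings = []
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # header line or another socket family
        addr, _, port = f[4].rpartition(":")
        if not port.isdigit():
            continue  # service names appear when ss is run without -n
        port = int(port)
        for protos, lo, hi, label in FLAGGED:
            if f[0] in protos and lo <= port <= hi:
                findings.append((f[0], addr, port, label, not is_loopback(addr)))
                break
    return findings

if __name__ == "__main__":
    for proto, addr, port, label, exposed in audit(SAMPLE):
        scope = "network-reachable" if exposed else "loopback only"
        print(f"{proto}/{port} on {addr}: {label} ({scope})")
```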