Dangers of rpc.portmap, rpc.mountd, rpc.nfsd

Post by zinc » Mon, 19 May 1997 04:00:00



> Hello,

> also, i am curious if there is any way to disable any hosts
> except localhost from ever accessing these services.

you want to get the latest version of tcp wrappers and become
intimately familiar with them.

you can get these here: ftp://ftp.cert.org

if you need assistance with configuration i can give you a hand.

-pjf

--
"Those that give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- Benjamin Franklin (1773)

zifi runs LINUX 2.0.30  -=-=-=WEB=-=-=->  http://zifi.genetics.utah.edu


 
 
 

Post by Paul Civa » Wed, 21 May 1997 04:00:00




[Securing RPC services]

>> also, i am curious if there is any way to disable any hosts
>> except localhost from ever accessing these services.

> you want to get the latest version of tcp wrappers and become
> intimately familiar with them.
> you can get these here: ftp://ftp.cert.org
> if you need assistance with configuration i can give you a hand.

Specifically, you want Wietse's secure portmapper/rpcbind.  Although
I don't believe this protects you from every kind of attack wrt RPC,
it's certainly worth installing.

-Paul-

 
 
 

Post by Thomas H. Ptac » Wed, 21 May 1997 04:00:00



>I am curious if there are any security risks associated with running
>rc.local:        Run /usr/sbin/rpc.portmap
>rc.local:        Run /usr/sbin/rpc.mountd
>rc.local:        Run /usr/sbin/rpc.nfsd

If you are not running NFS to mount (or export) filesystems between
machines, turn these off. If you are, obtain Wietse Venema's wrapped
portmapper (ftp.win.tue.nl:/pub/security) and disallow access to the
portmapper from as many services as possible. If you're able, filter out
accesses to TCP/UDP at 111 and 2049 (portmap and NFS, respectively).

--
----------------

----------------
exit(main(kfp->kargc, argv, environ));
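
Added example (not part of the original posts): a small Python audit of `rpcinfo -p` output that sorts the portmap, mountd and nfsd registrations into those covered by the 111/2049 filter mentioned above and those on other ports. The sample output and the mountd port in it are constructed for illustration; the function names are this example's own.

```python
# Ports named in the post above (portmap and NFS).
FILTERED_PORTS = {111, 2049}
# Standard Sun RPC program numbers for the three daemons in this thread.
NFS_PROGRAMS = {100000: "portmapper", 100005: "mountd", 100003: "nfs"}

# Constructed sample of `rpcinfo -p localhost` output (not from a real host).
SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    635  mountd
    100005    1   tcp    635  mountd
    100003    2   udp   2049  nfs
    100003    2   tcp   2049  nfs
"""

def parse_rpcinfo(text):
    """Return a list of (program, version, proto, port, name) tuples."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a numeric data row.
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        prog, vers, proto, port = int(fields[0]), int(fields[1]), fields[2], int(fields[3])
        # The service column is optional in some rpcinfo versions.
        name = fields[4] if len(fields) > 4 else NFS_PROGRAMS.get(prog, "unknown")
        rows.append((prog, vers, proto, port, name))
    return rows

def audit(text):
    """Split registered NFS-related endpoints into (covered, uncovered) by the filter."""
    covered, uncovered = set(), set()
    for prog, _vers, proto, port, _name in parse_rpcinfo(text):
        if prog not in NFS_PROGRAMS:
            continue
        target = covered if port in FILTERED_PORTS else uncovered
        target.add((NFS_PROGRAMS[prog], proto, port))
    return sorted(covered), sorted(uncovered)

if __name__ == "__main__":
    covered, uncovered = audit(SAMPLE)
    for name, proto, port in covered:
        print(f"covered by 111/2049 filter: {name} {proto}/{port}")
    for name, proto, port in uncovered:
        print(f"not covered, add to filter: {name} {proto}/{port}")
```

An empty result from `audit()` on a host that does not use NFS confirms the three daemons are no longer registered.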

 
 
 

1. How to use rpc.portmap, rpc.mountd, rpc.nfsd?

[Q2] Stupid but non-FAQ NFS question #2:
Thanks for the help of finding out the rpc.portmap, rpc.mountd, rpc.nfsd.
Still, after reading the NFS-FAQ, Linux Network Admin Guide, none of these guys
seem to work at all.  I still get the message of RPC fault: program is not
registered.  I guess I really need a cookbook example.

Let's say I have machines A and B which both of them can telnet and ftp to each
other.  In other words, they are properly connected.  Now, this is what I did.
I add three statements at the beginning of the rc.inet2 at machine A:

/usr/sbin/rpc.portmap
/usr/sbin/rpc.mountd
/usr/sbin/rpc.nfsd
/bin/mount -t nfs B:/home /mnt

Then, I add /mnt B[rw] at /etc/exports at machine A.
Then, reboot machine A, and it prompts RPC fault: program is not registered.
Can anyone provide me an idiot-proof way of attacking this?  Thanks.
BTW, someone mentioned "premeter".  What is that?

--

Salem
