|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Protect rpc.statd by tcp wrapper? (was Re: /tmp/bob on compromised system
From: Ralf G. R. Bergs (rabe
RWTH-AACHEN.DE)Date: Wed Jul 26 2000 - 14:22:56 CDT
- Next message: Granquist, Lamont: "Re: /tmp/bob on compromised system"
- Previous message: Rich Puhek: "Re: Strange distributed scan/probe activity"
- In reply to: Jeffrey F. Lawhorn: "Re: /tmp/bob on compromised system"
- Next in thread: Adam Pendleton: "Re: /tmp/bob on compromised system"
- Reply: Ralf G. R. Bergs: "Protect rpc.statd by tcp wrapper? (was Re: /tmp/bob on compromised system"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 24 Jul 2000 21:25:14 -0700, Jeffrey F. Lawhorn wrote:
>/tmp/bob is a finger print from a rpc.statd exploit.
Is it possible to protect the rpc.statd by using the tcp wrapper?
I currently have the following in my inetd.conf file on my Solaris
2.5.1...2.7 machines:
rstatd/2-4 tli rpc/datagram_v wait root \
/usr/lib/netsvc/rstat/rpc.rstatd rpc.rstatd
Is it ok to use tcpd like this:
rstatd/2-4 tli rpc/datagram_v wait root \
/usr/sbin/tcpd /usr/lib/netsvc/rstat/rpc.rstatd
I'm not sure whether TLI and rpc/datagram_v works with tcpd.
Thanks,
Ralf
-- Sign the EU petition against SPAM: L I N U X .~. http://www.politik-digital.de/spam/ The Choice /V\ of a GNU /( )\ Generation ^^-^^
- Next message: Granquist, Lamont: "Re: /tmp/bob on compromised system"
- Previous message: Rich Puhek: "Re: Strange distributed scan/probe activity"
- In reply to: Jeffrey F. Lawhorn: "Re: /tmp/bob on compromised system"
- Next in thread: Adam Pendleton: "Re: /tmp/bob on compromised system"
- Reply: Ralf G. R. Bergs: "Protect rpc.statd by tcp wrapper? (was Re: /tmp/bob on compromised system"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]