r* services. Was: Re: March Meeting Presentations
George Toft
plug-discuss@lists.plug.phoenix.az.us
Tue, 12 Mar 2002 23:19:49 -0500
foodog wrote:
>
> George Toft wrote:
> >
> > "der.hans" wrote:
> > >
> > > Am 11. Mar, 2002 schwätzte George Toft so:
> > >
> > > > This machine is not connected to the Internet without a
> > > > firewall, is it? Please say it isn't.
> > >
> > > It's obviously a mostly default RH 7.x box running KDE. While it sucks that
> > > portmap and other atrocities get started up, some of those services are
> > > configured to ignore external connections and it does have a basic ipchains
> > > firewall ( provided it hasn't been disabled ).
> > >
> > > My redirection service appears to be having probs, so here's a temporary URL
> > > for my RH setup and secure doc I wrote last year.
> > >
> > > http://arizona.speedchoice.com/~lufthans/unix/docs/HOWTO/securing_RedHat.html
> > >
> > > I just ran through 7.2 last week. This doc still mostly applies.
> > >
> > > Yes, George, I know it's EBo's machine, not yours, but I wanted to respond
> > > to your comment ;-). He should go over my doc :).
> >
> > It's probably a carryover from my early Unix days where the
> > r* services were major gaping holes in a boxes security. This
> > seems to get reinforced periodically with security advisories.
> > Being paranoid, I fail safe.
> >
> > George
>
> Somebody still thinks the r* services are holes. I've been averaging
> about 3 scans per day on TCP port 111 for about the last month.
>
> Steve
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
After the sunrpc vulnerability from a few months ago, I noticed
port 111 scans went up dramatically.
George