On Fri, 10 Jan 1997, Rob Sansom wrote:
> Wow, I'm actually posting, and breaking my New Years resolution not to write
> email first thing in the morning...
>
> RPC Portmapper. Very bad to allow people to connect to this, since they can
> find out what sorts of RPC services you run on your host (if I'm correct).
Just to add a comment to this... its true that allowing lots of people to
connect to the portmapper is bad, but I think that people get a false
sense of security by either blocking portmap connections, or by running a
portmapper in a restricted mode. As portmap simply provides you with an
easy way to find the RPC service you are looking for, its a trivial block
to get around. Simply connecting to the ports within normal RPC service
ranges and identifying services on ports will give you exactly the same
information that portmap does.. it just takes slightly longer.
My overall recomendation is to block connections to many of those ports,
either at a router, firewall.. or on the machine itself. Many OSes have
built-in support for packet filtering.. make use of it. (ipfilter,
ipfilterd, ipfw, screend, etc..) Also, consider if you need to run any of
these services in the first place? If you have a machine that is a stand
alone server, turn it off, and disable any rpc services running. Then you
don't need to worry about it..
paul
References:
|
|
