
Re: portmap/rpcbind and tcpwrapper

From Pascal Hambourg <boite-a-spam@plouf.fr.eu.org>
Newsgroups alt.os.linux.mageia, comp.os.linux.security
Subject Re: portmap/rpcbind and tcpwrapper
Date 2015-10-10 18:31 +0200
Organization Plouf !
Message-ID <mvbegc$1v0m$1@saria.nerim.net> (permalink)
References <muiog2$qbj$1@dont-email.me> <5619135e$0$23831$e4fe514c@news.xs4all.nl> <mvbcjd$s4i$1@dont-email.me>

Cross-posted to 2 groups.



William Unruh wrote:
> 
>   The problem is that my one machine is "known" to have an open rpcinfo,
>   and thus it keeps getting hammered by this stupid rpc amplification
>   attack, even after I have enabled tcpwrappers (and it works, as the
>   logs say). Since the udp packets response is being misdirected there is
>   no way the attacker knows that his amplification is not working so it
>   keeps on going. 10000 attempts per day filling my tcpwrapper logs.

You may consider:
- specifying the address(es) rpcbind listens on with -h;
- filtering undesirable RPC requests with iptables.
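
The two measures suggested above, sketched as an added example that is not part of the original post: a script that prints, for review, an iptables rule set dropping port 111 traffic from untrusted sources before it reaches rpcbind (and the tcpwrappers log), plus the matching rpcbind -h invocation. The addresses are constructed placeholders from documentation ranges, and the RPCBIND chain name, variable names and function names are hypothetical.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) packet-filter rules for rpcbind.
# Constructed placeholder values; replace with your own networks and address.
TRUSTED_NETS="${TRUSTED_NETS:-192.0.2.0/24}"   # sources allowed to query rpcbind
LISTEN_ADDR="${LISTEN_ADDR:-192.0.2.10}"       # internal address for rpcbind -h

# Print iptables commands building a dedicated chain: trusted sources and
# loopback are accepted, everything else is dropped silently, so spoofed
# requests get no reply and produce no tcpwrappers log entry.
rpcbind_filter_rules() {
    echo "iptables -N RPCBIND"
    for net in $TRUSTED_NETS; do
        echo "iptables -A RPCBIND -s $net -j ACCEPT"
    done
    echo "iptables -A RPCBIND -i lo -j ACCEPT"
    echo "iptables -A RPCBIND -j DROP"
    # Send both transports of the portmapper port (111) through the chain.
    for proto in udp tcp; do
        echo "iptables -I INPUT -p $proto --dport 111 -j RPCBIND"
    done
}

# Print the rpcbind invocation restricted to the internal address.
rpcbind_listen_cmd() {
    echo "rpcbind -h $LISTEN_ADDR"
}

# "apply" (as root) executes the rules; any other invocation only prints them.
if [ "${1:-}" = "apply" ]; then
    rpcbind_filter_rules | sh
else
    rpcbind_filter_rules
    rpcbind_listen_cmd
fi
```

Run it without arguments to review the generated commands; IPv6 traffic needs the equivalent rules in ip6tables.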
