Groups | Search | Server Info | Login | Register

Groups > comp.os.linux.security > #664

Re: portmap/rpcbind and tcpwrapper

From William Unruh <unruh@invalid.ca>
Newsgroups alt.os.linux.mageia, comp.os.linux.security
Subject Re: portmap/rpcbind and tcpwrapper
Date 2015-10-10 20:11 +0000
Organization A noiseless patient Spider
Message-ID <mvbrdu$kpu$1@dont-email.me> (permalink)
References <muiog2$qbj$1@dont-email.me> <5619135e$0$23831$e4fe514c@news.xs4all.nl> <mvbcjd$s4i$1@dont-email.me> <mvbegc$1v0m$1@saria.nerim.net>

Cross-posted to 2 groups.

Show all headers | View raw

On 2015-10-10, Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> wrote:
> William Unruh a ?crit :
>> 
>>   The problem is that my one machine is "known" to have an open rpcinfo,
>>   and thus it keeps getting hammered by this stupic rpc amplification
>>   attack, even after I have enabled tcpwrapppers ( and it works as the
>>   logs say) Since the udp packets response is being misdirected there is
>>   no way the attacker knows that his amplification is not working so it
>>   keeps on going. 10000 attempts per day filling my tcpwrapper logs. 
>
> You may consider to :
> - specify the address(es) rpcbind listens on with -h ;
> - filter undesirable RPC requests with iptables.

rpcbind does not honour libwrap by default.

Back to comp.os.linux.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-01 07:48 +0000
  Re: portmap/rpcbind and tcpwrapper Rob van der Putten <rob@sput.nl> - 2015-10-10 15:32 +0200
    Re: portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-10 15:58 +0000
      Re: portmap/rpcbind and tcpwrapper Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2015-10-10 18:31 +0200
        Re: portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-10 20:11 +0000
          Re: portmap/rpcbind and tcpwrapper Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2015-10-11 11:37 +0200
          Re: portmap/rpcbind and tcpwrapper Rob van der Putten <rob@sput.nl> - 2015-10-12 09:54 +0200
            Re: portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-12 17:09 +0000
              Re: portmap/rpcbind and tcpwrapper Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> - 2015-10-12 21:01 +0200
                Re: portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-12 22:18 +0000
              Re: portmap/rpcbind and tcpwrapper Rob van der Putten <rob@sput.nl> - 2015-10-12 21:39 +0200
  Re: portmap/rpcbind and tcpwrapper "SyMcBean ( http://lampe2e.blogspot.co.uk )" <colin.mckinnon@gmail.com> - 2015-10-22 14:55 -0700
    Re: portmap/rpcbind and tcpwrapper William Unruh <unruh@invalid.ca> - 2015-10-23 00:15 +0000

csiph-web