
Re: portmap/rpcbind and tcpwrapper

From William Unruh <unruh@invalid.ca>
Newsgroups alt.os.linux.mageia, comp.os.linux.security
Subject Re: portmap/rpcbind and tcpwrapper
Date Sat, 10 Oct 2015 20:11:43 +0000 (UTC)
Organization A noiseless patient Spider
Lines 16
Message-ID <mvbrdu$kpu$1@dont-email.me> (permalink)

Cross-posted to 2 groups.



On 2015-10-10, Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> wrote:
> William Unruh wrote:
>> 
>>   The problem is that my one machine is "known" to have an open rpcinfo,
>>   and thus it keeps getting hammered by this stupid rpc amplification
>>   attack, even after I have enabled tcpwrappers (and it works as the
>>   logs say). Since the udp packets response is being misdirected there is
>>   no way the attacker knows that his amplification is not working so it
>>   keeps on going. 10000 attempts per day filling my tcpwrapper logs. 
>
> You may consider:
> - specifying the address(es) rpcbind listens on with -h;
> - filtering undesirable RPC requests with iptables.

rpcbind does not honour libwrap by default. 
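
Added example, not part of the original post or of any poster's configuration: one way to do the iptables filtering suggested in the quoted reply, so that spoofed portmapper requests are dropped before they reach rpcbind or the tcpwrapper log. The chain name RPCBIND and the allowed range 192.0.2.0/24 (a documentation range) are assumptions; by default the script only prints the rules.

```shell
#!/bin/sh
# Added example (not from the thread). Emits iptables rules that let only
# trusted sources reach rpcbind (port 111) and silently drop everything else.
# ALLOWED is an assumption: replace the documentation range with your own
# NFS/NIS clients, space separated.
ALLOWED="${ALLOWED:-192.0.2.0/24}"

rpc_filter_rules() {
    # A dedicated chain (hypothetical name) keeps the portmapper policy together.
    echo "iptables -N RPCBIND"
    # The amplification traffic is UDP, but rpcbind also answers on TCP 111.
    for proto in udp tcp; do
        echo "iptables -A INPUT -p $proto --dport 111 -j RPCBIND"
    done
    # Local RPC services register with rpcbind over loopback.
    echo "iptables -A RPCBIND -i lo -j ACCEPT"
    for net in $ALLOWED; do
        echo "iptables -A RPCBIND -s $net -j ACCEPT"
    done
    # DROP rather than REJECT: REJECT would send an ICMP error to the
    # spoofed source address, which is the victim of the amplification.
    # No LOG rule either, so the 10000 attempts per day stay out of the logs.
    echo "iptables -A RPCBIND -j DROP"
}

# Dry run by default; pass "apply" (as root) to install the rules.
if [ "${1:-}" = "apply" ]; then
    rpc_filter_rules | sh -e
else
    rpc_filter_rules
fi
```

Order matters: the ACCEPT rules must precede the final DROP, and the INPUT jump must sit before any broader ACCEPT rule already present in INPUT.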
