Linux Netfilter discussions
* SUN RPC portmap
From: Spiro Azkoul @ 2004-06-25 16:01 UTC
  To: netfilter

Can anyone think of a reason to simply block SUN RPC via iptables rather
than simply stopping the service if it is a mail/pop/imap/web server?
Thanks





* Re: SUN RPC portmap
From: Daniel Wittenberg @ 2004-06-25 16:22 UTC
  To: Spiro Azkoul; +Cc: netfilter

If you don't need it, why not uninstall it?  On systems I have to have it
on, I block it in iptables and hosts.allow.

Dan


Quoting Spiro Azkoul <spiro@snacorp.net>:

> Can anyone think of a reason to simply block SUN RPC via iptables rather
> than simply stopping the service if it is a mail/pop/imap/web server?
> Thanks
> 
> 
> 



* delay after [time patch] rule's expire
From: m.barış demiray @ 2004-06-25 17:32 UTC
  To: netfilter

Hi all!
This is not a technical problem in fact, only my
curiosity. I applied the time patch with patch-o-matic
and tested it with a rule like

iptables -A INPUT -p icmp -m time --timestart 14:44 --timestop 14:55 --days Fri -j DROP

When the current time is passing the start time
(packets will be matched and dropped soon) and the
stop time (they'll be free to pass again) there is
about 1 min. delay between these two processes. For
example, when it's 14:55, then the icmp packets
shouldn't be matched anymore but they are dropped till
it's about 14:56. Why?

Have a nice day..



=====
M.Barış Demiray

DOS: n., A small annoying boot virus that causes random
spontaneous system crashes, usually just before saving a massive project. Easily cured by UNIX.  See also MS-DOS, IBM-DOS, DR-DOS.



* Re: delay after [time patch] rule's expire
From: Antony Stone @ 2004-06-25 17:57 UTC
  To: netfilter

On Friday 25 June 2004 6:32 pm, m.barış demiray wrote:

> Hi all!
> This is not a technical problem in fact, only my
> curiosity. I applied the time patch with patch-o-matic
> and tested it with a rule like
>
> iptables -A INPUT -p icmp -m time --timestart 14:44 --timestop 14:55 --days Fri -j DROP
>
> When the current time is passing the start time
> (packets will be matched and dropped soon) and the
> stop time (they'll be free to pass again) there is
> about 1 min. delay between these two processes. For
> example, when it's 14:55, then the icmp packets
> shouldn't be matched anymore but they are dropped till
> it's about 14:56. Why?

I think the timestart will match as long as the hours=14 and the minutes=44 
(ie at 14:44:00), and the timestop will match until after the hours=14 and 
the minutes=55 (ie: just gone 14:55:59).

If you want exactly ten minutes of blocked packets, specify --timestart 14:44 
--timestop 14:54 (ie: ten minutes' difference between the two times)

Regards,

Antony.

-- 
Anything that improbable is effectively impossible.

 - Murray Gell-Mann, Nobel Prizewinner in Physics

                                                     Please reply to the list;
                                                           please don't CC me.



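A model of the behaviour Antony describes above, added here as an example; it is not code from the thread or from the time patch itself. It assumes the match compares only the hour and minute fields, so the `--timestop` minute stays inside the window until hh:mm:59 (which is what the original poster observed), that both times fall on the same day, and that inputs are HH:MM or HH:MM:SS with two-digit fields; the times used are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread or the patch): a model of the
# minute-granularity time match as described in the reply above.
# Assumptions: the match looks only at hours and minutes, so the --timestop
# minute is inside the window until hh:mm:59; start and stop fall on the
# same day (windows crossing midnight are not modelled); inputs are
# HH:MM[:SS] with two-digit fields.
set -eu

to_minutes() {
    # HH:MM[:SS] -> minutes since midnight. Seconds are discarded, which is
    # where the "extra minute" reported in the thread comes from.
    h=${1%%:*}; rest=${1#*:}; m=${rest%%:*}
    echo $(( ${h#0} * 60 + ${m#0} ))
}

time_match() {
    # time_match START STOP NOW: exit 0 if the rule would match at NOW.
    start=$(to_minutes "$1"); stop=$(to_minutes "$2"); now=$(to_minutes "$3")
    [ "$now" -ge "$start" ] && [ "$now" -le "$stop" ]
}

window_seconds() {
    # Seconds during which the rule matches: the stop minute counts in full.
    start=$(to_minutes "$1"); stop=$(to_minutes "$2")
    echo $(( (stop - start + 1) * 60 ))
}

# Usage: sh time-match.sh START STOP NOW
if [ "$#" -eq 3 ]; then
    if time_match "$1" "$2" "$3"; then
        echo "$3: matched (dropped); window is $(window_seconds "$1" "$2") s"
    else
        echo "$3: not matched (passes)"
    fi
fi
```

With the rule from the question, `time_match 14:44 14:55 14:55:30` matches and `14:56:00` does not, and `window_seconds 14:44 14:55` is 720: the stop minute is live for a full 60 seconds past the time that reads like the end of the window, which is the minute of extra drops reported above.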

* Re: SUN RPC portmap
From: Antony Stone @ 2004-06-25 17:59 UTC
  To: netfilter

On Friday 25 June 2004 5:01 pm, Spiro Azkoul wrote:

> Can anyone think of a reason to simply block SUN RPC via iptables rather
> than simply stopping the service if it is a mail/pop/imap/web server?

Disable and uninstall any service you do not require on a machine.

If you want the machine to run mail/pop/imap/web, then there should be no ftp 
server, no telnet daemon, no finger service, no daytime service, no 
portmapper (rpc), no file sharing.....

You might want to leave sshd running on the system, though :)

Regards,

Antony.

-- 
"The joy of X!!??  I've always hated compiling graphical shite.  You have a 10 
line program, and it ends up depending on the entire known universe."

 - Philip Hands

                                                     Please reply to the list;
                                                           please don't CC me.




* RE: SUN RPC portmap
From: Mark E. Donaldson @ 2004-06-26 18:51 UTC
  To: 'Spiro Azkoul', netfilter

 

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Spiro Azkoul
Sent: Friday, June 25, 2004 9:01 AM
To: netfilter@lists.netfilter.org
Subject: SUN RPC portmap

Can anyone think of a reason to simply block SUN RPC via iptables rather
than simply stopping the service if it is a mail/pop/imap/web server?
Thanks


It's normally referred to as "Defense-in-Depth". It is not recommended to
rely on a single method of security for anything. If the attacker gets
through the front line, it's always nice to know there is a second or third
or fourth, etc, etc, layer of defense to stop them.




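The three replies put together (uninstall or stop the service, block it in iptables, deny it in the TCP wrappers), as an added example that is not code from the thread or from any of the posters. Everything the thread does not state is an assumption: the portmapper listening on 111/tcp and 111/udp, an iptables with the state and limit matches and the LOG target, a portmap built against libwrap so that /etc/hosts.deny applies, the daemon name `portmap`, and the RFC 5737 network 192.0.2.0/24 standing in for a management net. The script prints its commands by default (DRY_RUN=1) so the rule set can be reviewed before it is applied as root, and its `check` mode confirms that layer one (the service really is off) still holds:

```shell
#!/bin/sh
# Added example, not code from the thread: a second and third layer around a
# portmapper that is supposed to be uninstalled on a mail/pop/imap/web host.
# Assumptions: portmapper on 111/tcp and 111/udp; iptables with the state and
# limit matches and LOG target; portmap linked against libwrap (reads
# /etc/hosts.deny); the addresses and port lists below are stand-ins.
set -eu

DRY_RUN="${DRY_RUN:-1}"                         # 1 = print commands, 0 = apply as root
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"      # constructed management net (RFC 5737)
PUBLIC_TCP="${PUBLIC_TCP:-25 80 110 143 443}"   # smtp http pop3 imap https

run() {
    # Print or execute one command, so the rule set can be reviewed first.
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

firewall_rules() {
    # Second layer: the packet filter. The policy is opened before the flush
    # so a remote apply cannot lock the admin out, and closed again at the end.
    run iptables -P INPUT ACCEPT
    run iptables -F INPUT
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Portmapper: rate-limited LOG then DROP, placed before every ACCEPT so no
    # later rule can admit it. The LOG line turns a scan, or a service that
    # came back after an upgrade, into something visible in syslog.
    for proto in tcp udp; do
        run iptables -A INPUT -p "$proto" --dport 111 -m limit --limit 5/min \
            -j LOG --log-prefix "portmap-probe: "
        run iptables -A INPUT -p "$proto" --dport 111 -j DROP
    done
    for p in $PUBLIC_TCP; do
        run iptables -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # sshd stays reachable, but only from the management net.
    run iptables -A INPUT -p tcp --dport 22 -s "$TRUSTED_NET" -m state --state NEW -j ACCEPT
    run iptables -P INPUT DROP
}

apply_wrappers() {
    # Third layer, inside the host: a portmap linked against libwrap refuses
    # callers matched in /etc/hosts.deny that no /etc/hosts.allow line admits.
    # "portmap" is the daemon name libwrap matches (assumption; check ps on
    # the real host, newer builds use rpcbind).
    line='portmap: ALL'
    if [ "$DRY_RUN" = 1 ]; then
        printf '/etc/hosts.deny: %s\n' "$line"
    elif ! grep -qx "$line" /etc/hosts.deny 2>/dev/null; then
        printf '%s\n' "$line" >> /etc/hosts.deny
    fi
}

portmap_listening() {
    # Exit 0 if something listens on port 111, 1 if nothing does, 2 if no
    # tool is available (a missing tool must never read as "clean").
    if command -v ss >/dev/null 2>&1; then
        ss -lntu 2>/dev/null | grep -q ':111[[:space:]]'
    elif command -v netstat >/dev/null 2>&1; then
        netstat -lntu 2>/dev/null | grep -q ':111[[:space:]]'
    else
        return 2
    fi
}

# Usage: [DRY_RUN=0] sh portmap-layers.sh rules|wrappers|check
case "${1:-}" in
    rules)    firewall_rules ;;
    wrappers) apply_wrappers ;;
    check)
        rc=0; portmap_listening || rc=$?
        case $rc in
            0) echo "portmapper still listening on 111 (layer one has failed)"; exit 1 ;;
            1) echo "nothing listening on 111" ;;
            *) echo "no ss or netstat available, cannot check"; exit 2 ;;
        esac ;;
esac
```

Review the output of `sh portmap-layers.sh rules` first, then rerun with `DRY_RUN=0` as root; `check` is the part worth putting in cron, because the whole point of the second and third layers is that the first one silently stops holding.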


Thread overview: 6+ messages
2004-06-25 16:01 SUN RPC portmap Spiro Azkoul
2004-06-25 16:22 ` Daniel Wittenberg
2004-06-25 17:32   ` delay after [time patch] rule's expire m.barış demiray
2004-06-25 17:57     ` Antony Stone
2004-06-25 17:59 ` SUN RPC portmap Antony Stone
2004-06-26 18:51 ` Mark E. Donaldson
