portmap/rpcbind is supposed to be controllable by tcpwrapper. I have a line
rpcbind portmap: ALL:deny
in /etc/hosts.allow after a line
rpcbind portmap: 192.168.0.0/24 : allow
But then I can still run rpcinfo on a machine from outside that network
and get responses.
Does rpcbind respect tcpwrapper or not?
Hi there
William Unruh wrote:
portmap/rpcbind is supposed to be controllable by tcpwrapper. I have a line
rpcbind portmap: ALL:deny
Try;
portmap: ALL: deny
in /etc/hosts.allow after a line
rpcbind portmap: 192.168.0.0/24 : allow
Try;
portmap: 192.168.0.0/24 : allow
But then I can still run rpcinfo on a machine from outside that network
and get responses.
Does rpcbind respect tcpwrapper or not?
Yes.
Regards,
Rob
The problem is that my one machine is "known" to have an open rpcinfo,
and thus it keeps getting hammered by this stupid rpc amplification
attack, even after I have enabled tcpwrappers (and it works, as the
logs say). Since the udp packets response is being misdirected there is
no way the attacker knows that his amplification is not working so it
keeps on going. 10000 attempts per day filling my tcpwrapper logs.
William Unruh wrote:
The problem is that my one machine is "known" to have an open rpcinfo,
and thus it keeps getting hammered by this stupid rpc amplification
attack, even after I have enabled tcpwrappers (and it works, as the
logs say). Since the udp packets response is being misdirected there is
no way the attacker knows that his amplification is not working so it
keeps on going. 10000 attempts per day filling my tcpwrapper logs.
You may consider:
- specifying the address(es) rpcbind listens on with -h;
- filtering undesirable RPC requests with iptables.
On 2015-10-10, Pascal Hambourg <boite-a-spam@plouf.fr.eu.org> wrote:
You may consider:
- specifying the address(es) rpcbind listens on with -h;
- filtering undesirable RPC requests with iptables.
rpcbind does not honour libwrap by default.
Hi there
William Unruh wrote:
rpcbind does not honour libwrap by default.
Over here it does (libwrap);
sput:~$ which rpcbind
/sbin/rpcbind
sput:~$ ldd /sbin/rpcbind
linux-gate.so.1 => (0xb76f5000)
libwrap.so.0 => /lib/i386-linux-gnu/libwrap.so.0 (0xb76dd000)
libtirpc.so.1 => /lib/i386-linux-gnu/libtirpc.so.1 (0xb76b6000)
libpthread.so.0 => /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 (0xb769c000)
libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb7538000)
libnsl.so.1 => /lib/i386-linux-gnu/i686/cmov/libnsl.so.1 (0xb7521000)
libgssglue.so.1 => /lib/i386-linux-gnu/libgssglue.so.1 (0xb7516000)
libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb7512000)
/lib/ld-linux.so.2 (0xb76f6000)
Regards,
Rob
On 2015-10-12, Rob van der Putten <rob@sput.nl> wrote:
William Unruh wrote:
rpcbind does not honour libwrap by default.
Over here it does (libwrap);
Which version? Which distribution?
As I said, it does not honour libwrap by default. You can compile it to
honour libwrap (--enable-libwrap in configure). And the default just
changed about 2 years ago.
William Unruh wrote:
On 2015-10-12, Rob van der Putten <rob@sput.nl> wrote:
William Unruh wrote:
rpcbind does not honour libwrap by default.
Over here it does (libwrap);
Which version? Which distribution?
The mention of "Iceape" in the message headers suggests the distribution
is Debian or a derivative. Iceape is the unbranded version of Seamonkey provided by Debian.
Indeed rpcbind depends on libwrap0 in all currently maintained versions
of Debian.
On Thursday, October 1, 2015 at 8:50:21 AM UTC+1, William Unruh wrote:
Does rpcbind respect tcpwrapper or not?
Running the binary through ldd will tell you what it was linked against:
kermit:/sbin # ldd rpcbind
libwrap.so.0 => /lib64/libwrap.so.0 (0x00007fb12349b000)..
(linked to libwrap here).
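
The two remedies discussed in the thread, combined as an added example that is not any poster's code: it reads `ldd` output to tell whether the binary was built against libwrap, then prints (without running) iptables rules that limit port 111 to the 192.168.0.0/24 network from the original post. The function names are hypothetical, and the use of the INPUT chain with rpcbind on its standard port 111 is an assumption about the host.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes iptables and rpcbind on its standard port 111 (UDP and TCP).

# Succeeds if the ldd output on stdin shows a dynamic link against libwrap.
links_libwrap() {
    grep -Eq '^[[:space:]]*libwrap\.so(\.[0-9]+)*[[:space:]]+=>'
}

# Print (do not run) rules that accept port 111 from the trusted network
# and drop everything else before the packet reaches rpcbind or libwrap,
# so rejected probes no longer produce tcpwrapper log entries.
rpcbind_filter_rules() {
    net="$1"
    case "$net" in
        */*) ;;   # require an explicit prefix length
        *) echo "usage: rpcbind_filter_rules NET/PREFIX" >&2; return 2 ;;
    esac
    for proto in udp tcp; do
        # ACCEPT must precede DROP: iptables acts on the first matching rule.
        echo "iptables -A INPUT -p $proto -s $net --dport 111 -j ACCEPT"
        echo "iptables -A INPUT -p $proto --dport 111 -j DROP"
    done
}

# Report which layer can enforce the restriction, given ldd output on stdin.
rpcbind_plan() {
    net="$1"
    if links_libwrap; then
        echo "# libwrap linked: hosts.allow / hosts.deny can apply"
    else
        echo "# libwrap not linked: hosts.allow is ignored by this binary"
    fi
    rpcbind_filter_rules "$net"
}

# Demo on the ldd line quoted in the thread. On a live host, use:
#   ldd "$(command -v rpcbind)" | rpcbind_plan 192.168.0.0/24
printf '\tlibwrap.so.0 => /lib64/libwrap.so.0 (0x00007fb12349b000)\n' |
    rpcbind_plan 192.168.0.0/24
```

Review the printed rules before piping them to `sh` as root; they append to INPUT, so any earlier rule that already accepts port 111 still wins.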