I don't like sunrpc hanging out at all exposed to the world. I get probed regularly on it. Block it out with /etc/hosts.deny the following way: PORTMAP : ALL
I usually install ipchains on my box and then block out the ports I don't want exposed with: ipchains -F #remove all the rules, the default is alot of things that allow you to still operate the box from afar ipchains -A input -p TCP -s 0.0.0.0/0 -d 0.0.0.0/0 $portnumber -j REJECT #portnumber for sunrpc is 111, printer is 515. Use nmap to see what ports are open. Unfortunately, most security is just knowing what stuff does, so there's no substitute for being a good sysad. Look around. I usually check something I don't know what it is with a web search for "exploit linux processname" to see what's been reported on it. Martin Bishop wrote: > Hi, > > Netstat shows the following services on my home machine: > > Active Internet connections (servers and established) > Proto Recv-Q Send-Q Local Address Foreign Address State > tcp 0 0 *:printer *:* LISTEN > tcp 0 0 *:dict *:* LISTEN > tcp 0 0 *:sunrpc *:* LISTEN > tcp 0 0 *:auth *:* LISTEN > tcp 0 0 *:smtp *:* LISTEN -- Organizing Linux users is like herding cats, only harder.
