Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> Wow! OK. I can detect a "portmap" process with ps. I left it running
> because I read somewhere that it was needed to make rpc calls. From what
> you wrote I guess I won't really be needing those services that make rpc
> calls so I'm killing it.
>
> I'm kinda wondering though... why does it start up? I'm trying to search
> my init scripts and I haven't found where it's called up. It could be
> anywhere though, couldn't it?
Sounds like you're asking two questions: (1) _Why_ did your distribution
set it to autostart? A lot of distribution-makers seem to feel that
the portmapper's commonly-enough needed by other services (NIS and NFS
server processes, mostly, but also lesser-known ones) that it might as
well be a default service. I don't agree, but there are at least as
many opinions as there are sysadmins. ;->
(2) _How_ did your distribution set it to autostart? You'll have to find
this for yourself. (Sorry.) For one thing, I don't even know what
you're running. For another, you need to know how your system works.
>> 6000 is almost certainly your X11 server. 7102, probably the X11 font
>> server. You should make sure that those ports cannot be reached from
>> anywhere but localhost.
>
> Will a line like this work?
>
> ipchains -A input --dport :6000 -j DENY
A few words about blocking ports versus disabling services:
Blocking ports is something of a bandaid. That is, the vulnerability
exists because you've elected to run (or persist in running) a
vulnerable piece of network-server software that is advertising services
to remote machines. By blocking ports, you're papering over the
underlying problem rather than removing it.
What I'm saying is that, if your X11 server is currently configured to
accept incoming network connections, in your shoes I'd reconfigure it to
stop doing so, instead of trying to hide the problem using
port-filtering rulesets. Same thing with your font server.
Run only the network-daemon services you need, using software you
consider minimally risky. And, if you don't know what's running and how
to reconfigure it, figuring that out is logically your next task.
Suggestion: Study your machines using nmap. And don't start blocking
lots of ports without studying TCP/IP, first. For one thing, you almost
certainly need to be able to accept incoming connections on a variety of
high-numbered ports for normal operations.
--
Cheers,
Rick Moen
[EMAIL PROTECTED]

"Transported to a surreal landscape, a young girl kills the first woman she
meets, and then teams up with three complete strangers to kill again."
-- Rick Polito's That TV Guy column, describing the movie _The Wizard of Oz_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
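An added example, not part of Rick's mail or the list archive: a small POSIX shell audit that takes the local-address column of `netstat -ltn` (or `ss -ltn`) and reports, for each listening TCP socket, whether it is bound to localhost only or exposed to the network, naming the portmap, X11 and font-server ports discussed above. The sample input is constructed; the port-to-service mapping and the `-nolisten tcp` hint are assumptions about a typical setup.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets by reachability.
# Input: "address:port" values (netstat/ss local-address column), one per line.

# Map a port to the service the thread talks about; anything else is "other".
# Assumed mapping: 111 = portmap, 6000+n = X11 display :n, 7100/7102 = xfs.
service_name() {
    case "$1" in
        111)                  echo "portmap" ;;
        6000|6001|6002|6003)  echo "X11 display :$(( $1 - 6000 ))" ;;
        7100|7102)            echo "X font server" ;;
        *)                    echo "other" ;;
    esac
}

# Print one line per socket: "<port> <service> <scope>"
# scope is "localhost-only" for 127.0.0.1 / ::1, otherwise "NETWORK-EXPOSED".
# An exposed X11 display is the case the reply says to fix at the source,
# e.g. by starting the X server with -nolisten tcp, rather than by filtering.
audit_listeners() {
    while read -r addr; do
        [ -n "$addr" ] || continue
        port=${addr##*:}
        host=${addr%:*}
        case "$host" in
            127.0.0.1|::1|\[::1\]) scope=localhost-only ;;
            *)                     scope=NETWORK-EXPOSED ;;
        esac
        printf '%s %s %s\n' "$port" "$(service_name "$port")" "$scope"
    done
}

# Constructed sample: X11 and portmap on all interfaces, xfs and SMTP local only.
SAMPLE='0.0.0.0:6000
127.0.0.1:7100
0.0.0.0:111
127.0.0.1:25'

# Real use: netstat -ltn | awk 'NR>2 {print $4}' | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners
```

Any line marked NETWORK-EXPOSED is a service to reconfigure or disable, then re-check with nmap from another host as the reply suggests.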