On Sun, Jun 26, 2005 at 01:25:47AM +1000, elliott-brennan wrote:
> I've noticed that I have the following entry in my firewall
> (Firestarter): (it's the last one I'm curious about: 32768)
>
> Active Internet connections (servers and established)
> udp 0 0 *:32768 *:*
> 2735/rpc.statd
>
> Can anyone enlighten me please (I'm afraid I'm not certain what it is)?

rpc.statd is used by NFS (for reboot notifications). It, along with
portmap, has been used for numerous exploits in the past. I haven't seen
any for a long time now, but their history leads me to trust them about
as much as I'd trust sendmail (i.e., I don't).

If you're not using NFS, then I recommend turning both of them off
(rpc.lockd too, if it's running). If you are using it, then I suggest
setting your firewall to block access to them from outside your network.

Cheers,

Paul.

--
Paul Dwerryhouse | PGP Key ID: 0x6B91B584

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
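
An added example, not part of the message above: a small shell audit that reads netstat output and reports whether rpc.statd, portmap or rpc.lockd are listening on every interface, which is the case the reply suggests turning off or firewalling. The function names and the sample lines are constructed for illustration; only the first sample line mirrors the post.

```shell
#!/bin/sh
# Added example (not from the original message): report which NFS helper
# daemons are listening, and whether they are bound to every interface.

# Constructed sample in `netstat -lp` layout; the first line mirrors the post.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
udp        0      0 *:32768            *:*                      2735/rpc.statd
tcp        0      0 0.0.0.0:111        0.0.0.0:*      LISTEN    2400/portmap
udp        0      0 192.168.1.5:32770  0.0.0.0:*                2801/rpc.lockd
tcp        0      0 127.0.0.1:631      0.0.0.0:*      LISTEN    2600/cupsd
EOF
}

# Reads netstat lines on stdin; prints one line per matching listener.
audit_rpc_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        # Last field is PID/program; field 4 is the local address:port.
        if (split($NF, owner, "/") < 2) next
        if (owner[2] !~ /^(rpc\.statd|portmap|rpc\.lockd)$/) next
        port = $4
        sub(/.*:/, "", port)
        addr = substr($4, 1, length($4) - length(port) - 1)
        # "*", 0.0.0.0 and :: all mean the socket accepts on every interface.
        scope = (addr == "*" || addr == "0.0.0.0" || addr == "::") ? "ALL-INTERFACES" : "SPECIFIC-ADDRESS"
        printf "%s %s/%s pid=%s prog=%s bound=%s\n", scope, port, $1, owner[1], owner[2], addr
    }'
}

sample_netstat | audit_rpc_listeners
```

On a live host, run `netstat -tulpn | audit_rpc_listeners` as root so the PID/program column is populated.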
