Hi, 26Jun2005 @ 08:18 Paul Dwerryhouse thusly spake > On Sun, Jun 26, 2005 at 01:25:47AM +1000, elliott-brennan wrote: > > I've noticed that I have the following entry in my firewall > > (Firestarter): (it's the last one I'm curious about: 32768) > > > > Active Internet connections (servers and established) > > udp 0 0 *:32768 *:* > > 2735/rpc.statd > > > > Can anyone enlighten me please (I'm afraid I'm not certain what it is)? > > rpc.statd is used by NFS (for reboot notifications). It, along with > portmap, have been used for numerous exploits in the past. I haven't > seen any for a long time now, but their history leads me to trust them > about as much as I'd trust sendmail (ie, I don't). > > If you're not using NFS, then I recommend turning both of them off > (rpc.lockd too, if it's running).
How would you go about turning them off? On a FC3 system would removing the file 'nfslock' from /etc/rc.d/init.d/ do it? kind regards, Luke -- ............._.. .| .| |.|/.|_ . .|__.|_|.|\.|_ . :61 421 276 282: -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
