LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-16-2004, 03:17 PM   #1
jbeiter
Member
 
Registered: Jul 2004
Posts: 101

Rep: Reputation: 15
portmap attack


It doesn't appear someone got into my system but I'm a bit concerned by the entries listed
below.

This is a limited access system and I pretty much have everything blocked except for two external hosts in hosts.allow then deny everything else.

---------------------------------------------------------------------------------------
Dec 11 01:59:25 glyph portmap[27020]: connect from 61.161.139.6 to getport(status): request from unauthorized host
Dec 15 22:14:25 glyph portmap[7868]: connect from 221.116.253.130 to getport(status): request from unauthorized host
----------------------------------------------------------------------------------------

is this cause for alarm? Is there a better way to block requests to portmap?

I also didn't like this much:
----------------------------------------------------------------------------
Nov 18 06:06:55 glyph portmap[9926]: connect from 220.248.181.22 to dump(): request from unauthorized host
Dec 9 11:48:16 glyph portmap[10990]: connect from 200.56.98.77 to dump(): request from unauthorized host
-----------------------------------------------------------------------------
 
Old 12-17-2004, 02:52 PM   #2
jbeiter
Member
 
Registered: Jul 2004
Posts: 101

Original Poster
Rep: Reputation: 15
5.2.2. Protect portmap With iptables

To further restrict access to the portmap service, it is a good idea to add iptables rules to the server restricting access to specific networks.

Below is are two example iptables commands that allow TCP connections to the portmap service (listening on port 111) from the 192.168.0/24 network and from the localhost (which is necessary for the sgi_fam service used by Nautilus). All other packets are dropped.

iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP
iptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT

To similarly limit UDP traffic, use the following command.

iptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is it portmap necessary? dominant Linux - Newbie 2 06-23-2004 12:37 PM
FAM and PORTMAP! neenee Slackware 2 04-10-2003 05:29 PM
portmap module help neenee Slackware 2 04-04-2003 07:10 AM
portmap did not install (why not?) int0x80 Linux - Networking 0 10-28-2002 07:21 AM
NFS / portmap with RH 7.3 ychimin2000 Linux - Networking 5 10-18-2002 08:16 PM


All times are GMT -5. The time now is 02:22 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration