LinuxQuestions.org
Old 03-01-2006, 09:21 AM   #1
Robhogg
Member
 
Registered: Sep 2004
Location: Old York, North Yorks.
Distribution: Debian 7 (mainly)
Posts: 653

Rep: Reputation: 97
Can sunrpc be configured to listen only to localhost?


I've been reading about the vulnerabilities arising from the sunrpc server. Running netstat -A inet --listening shows the following services:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:10024         *:*                     LISTEN
tcp        0      0 localhost:10025         *:*                     LISTEN
tcp        0      0 *:mysql                 *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 *:ipp                   *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
udp        0      0 *:filenet-tms           *:*
udp        0      0 *:bootpc                *:*
udp        0      0 *:mdns                  *:*
udp        0      0 *:sunrpc                *:*
udp        0      0 *:ipp                   *:*
I guess that the "*:*" under "Foreign Address" means that it is listening for connection requests from any other address. When I scan port 111 using Shields Up!, it is shown to be stealthed (due to the firewall). However, I would feel more comfortable if it was listening only to localhost.

Is it possible to configure it to do this? Do I need it to be running at all?

Also, any comments on *:filenet-tms? This is listening on port 32768. Under "Trojan Sightings", Shields Up! shows Hacker's Paradise.

Thanks,
Rob
 
Old 03-01-2006, 10:50 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Do you actually need sunrpc running?

Do you need all of those services running?

Quote:
This is listening on port 32768. Under "Trojan Sightings", Shields Up! shows Hacker's Paradise
Port 32768 is part of the dynamic port range, so any unprivileged service can open a socket on it. It also happens to be a very common first port allocated when any unprivileged service establishes a port in Linux.

To find out what service that is, try running 'lsof -i :32768' or alternatively 'netstat -pantu | grep 32768' and then look up the PID number in /proc/<PID>/cmdline. My guess would be that it belongs to the rpc service. I highly doubt that it's Hacker's Paradise, and most of those scanners simply match open ports to a list of common service/trojan ports rather than doing any kind of port interrogation like nmap.
 
Old 03-01-2006, 05:27 PM   #3
narmida
Member
 
Registered: Mar 2005
Location: Alphen aan den Rijn , netherlands
Distribution: core
Posts: 57

Rep: Reputation: 15
A not very nice solution could be to block the port with iptables except lo.
 
Old 03-02-2006, 07:37 PM   #4
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
Run "rpcinfo -p localhost" to see currently available RPC services. The portmapper always binds to 0.0.0.0:111 but you can add the line "portmap: ALL" to /etc/hosts.deny or "portmap: DENY: ALL" to /etc/hosts.allow. See "man 5 hosts.allow".
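
Added example (not part of the thread and not any poster's code): a shell filter that reads a listing like the one in the first post and separates sockets bound to every interface from those bound to loopback only, using the Local Address column. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listening sockets from `netstat -A inet --listening`
# style output as wildcard-bound (reachable on every interface unless
# firewalled) or loopback-only. Function names are hypothetical.

# Constructed sample, modelled on the listing in the first post.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:10024         *:*                     LISTEN
tcp        0      0 *:mysql                 *:*                     LISTEN
tcp        0      0 *:sunrpc                *:*                     LISTEN
tcp        0      0 localhost:smtp          *:*                     LISTEN
udp        0      0 *:filenet-tms           *:*
udp        0      0 *:sunrpc                *:*
EOF
}

# Reads netstat output on stdin, prints "proto/port scope" per socket.
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        addr = $4                        # Local Address column
        n = match(addr, /:[^:]*$/)       # last colon separates host from port
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
            scope = "ALL-INTERFACES"
        else if (host == "localhost" || host ~ /^127\./ || host == "::1" || host == "[::1]")
            scope = "loopback-only"
        else
            scope = "bound-to:" host
        print $1 "/" port, scope
    }'
}

# Prints only the wildcard-bound sockets; exit status 0 if any were found.
exposed_listeners() {
    classify_listeners | grep 'ALL-INTERFACES$'
}

sample_netstat | classify_listeners
```

On a live system, pipe the real listing in instead of the sample: `netstat -A inet --listening | exposed_listeners`.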
 
  

