
scans to portmap port

 
Ing Meloni
Advisor

scans to portmap port

I checked the connections to my servers with tcpdump over the weekend.
There were, as expected, plenty of scans, especially on port 111.
Is there a way to filter connections to this port (I use NFS, so I can't
just remove the service), or a way to restrict the use of the rpcinfo
command to localhost only?

Thanks
4 REPLIES 4
eran maor
Honored Contributor

Re: scans to portmap port

Hi

Did you try rpcinfo -p localhost?
love computers
Ing Meloni
Advisor

Re: scans to portmap port

Sorry, my English isn't that good.
What I wanted to say is that I am looking for
a way to keep nasty people from receiving an answer
from my server
when they scan me with 'rpcinfo -p myserver'.
linuxfan
Honored Contributor

Re: scans to portmap port

Hi,

Is your machine directly connected to the internet? Then you should seriously consider using a firewall. You could also look at ipfilter.
http://coombs.anu.edu/au/~avalon/ip-filter.html

If you just want to prevent port scans, you could look at something like portsentry. (I know it has been tested on HP-UX 10.20; not sure about 11.0.) Here is the link for portsentry:

http://www.psionic.com/abacus/portsentry

-HTH
Ramesh
They think they know but don't. At least I know I don't know - Socrates
Ralf Hildebrandt
Valued Contributor

Re: scans to portmap port

a) Consider running an IDS instead of tcpdump. Check out www.snort.org, it's libpcap based (like tcpdump) and has extensive rulesets
b) Consider replacing portmap by a portmapper that honors /etc/hosts.allow and hosts.deny (tcp_wrappers)

ftp://ftp.porcupine.org/pub/security/index.html#software
or better:
ftp://ftp.porcupine.org/pub/security/portmap_4.tar.gz
Postfix/BIND/Security/IDS/Scanner, you name it...
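
An added example, not part of the thread or any poster's code: a Python script that takes tcpdump text output, like the weekend capture in the original post, and counts packets sent to port 111 per source, separating expected NFS clients from outside sources. That split is what you need to know before restricting the portmapper with a packet filter or with hosts.allow/hosts.deny. The sample capture, its addresses and the `NFS_CLIENTS` network are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in `tcpdump -n` text format (documentation address ranges).
SAMPLE = """\
10:15:01.100000 IP 203.0.113.7.40112 > 192.0.2.10.111: Flags [S], seq 1, win 1024, length 0
10:15:01.200000 IP 203.0.113.7.40113 > 192.0.2.10.111: Flags [S], seq 2, win 1024, length 0
10:15:02.000000 IP 198.51.100.23.812 > 192.0.2.10.111: UDP, length 56
10:15:03.000000 IP 192.0.2.21.1021 > 192.0.2.10.111: UDP, length 56
10:15:04.000000 IP 192.0.2.21.1022 > 192.0.2.10.2049: Flags [P.], seq 1:101, ack 1, win 512, length 100
10:15:05.000000 IP 203.0.113.7.40114 > 192.0.2.10.22: Flags [S], seq 3, win 1024, length 0
"""

# Assumption: NFS clients live in this network; everything else is "outside".
NFS_CLIENTS = ipaddress.ip_network("192.0.2.0/24")
PORTMAP_PORTS = {"111", "sunrpc"}  # numeric (-n) and named form of the port

# Matches "time [IP] src.sport > dst.dport:" for IPv4; the "IP" token is optional
# because older tcpdump versions do not print it.
LINE_RE = re.compile(
    r"^\S+ (?:IP )?(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\w+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\w+):"
)


def portmap_sources(capture, allowed=NFS_CLIENTS):
    """Count packets sent to the portmapper per source, split into allowed/outside."""
    inside, outside = Counter(), Counter()
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("dport") not in PORTMAP_PORTS:
            continue  # not parseable, or not portmapper traffic
        src = ipaddress.ip_address(m.group("src"))
        (inside if src in allowed else outside)[str(src)] += 1
    return inside, outside


if __name__ == "__main__":
    inside, outside = portmap_sources(SAMPLE)
    for src, count in outside.most_common():
        print(f"outside source {src}: {count} packet(s) to port 111")
    print("expected NFS clients seen:", ", ".join(sorted(inside)) or "none")
```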