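On Fri, 28 Aug 1998, A Mennucc1 wrote:

> I propose this short script for people running
> Linux 2.0
>
> it will use ip input firewalling to stop accesses to RPC services
> but from a list of allowed hosts.

knfsd is also vulnerable, here is another short script "rpc-deny" for people
using 2.1:

#!/usr/bin/perl -w

# Base DENY rule (logged with -l); the port and protocol are appended per service.
$rpcdeny = '/sbin/ipchains -A rpc-deny -l -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 ';
$rpcinfo = "/usr/bin/rpcinfo";

# Create the rpc-deny chain (or flush it if it already exists), then
# send everything arriving on a ppp interface through it.
system("/sbin/ipchains -N rpc-deny");
system("/sbin/ipchains -F rpc-deny");
system("/sbin/ipchains -A input -i ppp+ -j rpc-deny");

# Fork; the child execs rpcinfo and the parent reads its output.
open (RPCINFO, "-|") || exec($rpcinfo, '-p', 'localhost') ;

while (<RPCINFO>) {
    next if /\s+program\s+vers/;    # skip the header line
    # Only act on lines that parse; the name column may be missing.
    next unless /(tcp|udp)\s+(\d+)(?:\s+(\S+))?\s*$/;
    ($proto,$port,$name) = ($1,$2,defined $3 ? $3 : 'unknown');
    print "Deny $name on $proto port $port\n";
    system("$rpcdeny $port -p $proto");
}
close(RPCINFO);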
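
The script in the message above builds its rules from a single snapshot of `rpcinfo -p`, and RPC services other than the portmapper can register on a different port after a restart, which leaves the chain stale. Added example, not part of the original post: a Python check that compares the snapshot taken when the chain was built with the current output and lists registered ports that have no rule. The sample output and the function names are constructed for illustration.

```python
import re

# Data rows of `rpcinfo -p`: program, version, proto, port, optional name.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)(?:\s+(\S+))?\s*$")

def parse_rpcinfo(text):
    """Return {(proto, port): sorted service names} from `rpcinfo -p` output."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:  # header line or anything unexpected
            continue
        program, _vers, proto, port, name = m.groups()
        # Unnamed programs are listed by number only; keep them, do not skip.
        ports.setdefault((proto, int(port)), set()).add(name or "prog-" + program)
    return {k: sorted(v) for k, v in ports.items()}

def uncovered(snapshot_at_rule_build, current):
    """Ports registered now that had no DENY rule when the chain was built."""
    old = parse_rpcinfo(snapshot_at_rule_build)
    new = parse_rpcinfo(current)
    return {k: v for k, v in new.items() if k not in old}

# Constructed sample output (not from the original post).
BEFORE = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    635  mountd
    100003    2   udp   2049  nfs
"""
# Same host after mountd restarted on a new port and an unnamed program appeared.
AFTER = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    903  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    300019    1   tcp    921
"""

if __name__ == "__main__":
    for (proto, port), names in sorted(uncovered(BEFORE, AFTER).items()):
        print(f"no rule for {'/'.join(names)} on {proto} port {port}")
```

A non-empty result means the rpc-deny chain should be flushed and rebuilt.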