On Friday 15 Aug 2003 2:02 am, Simon Waters wrote:
> Luke Hinds wrote:
> > You know this lovesan virus that's causing mayhem at the moment.
>
> Not to Linux users is it? I think the US power outage has taken some web
> sites down, but not many, this is my main issue, other things seem
> quite fast! Probably lack of North American client systems.

Lovesan isn't causing trouble on Linux, but what do you think of this comment on The Register?

http://www.theregister.co.uk/content/55/31799.html

RPC has been buggy since the day it was born on UNIX and ought to be disabled on any non-Windows machine that doesn't need it. On *nix it's usually available on port 111 (sunrpc), but this is not chiseled in stone. If portmapping is active it may find another outlet via UDP ports higher than 32770. You can set your firewall to block TCP/UDP port 111 or, even better, disable the portmapper altogether if you don't need it. It is necessary for NFS (Network File System) and NIS (Network Information Service); otherwise it's just a hole. ®

NFS shouldn't be visible over the internet but for machines (like mine) that do use it, but what's the significance of the line: "If portmapping is active it may find another outlet via UDP ports higher than 32770"?

I'm not clear from that comment if RPC is actually needed for NFS - it seems to only indicate portmapper as necessary.

Having demonstrated NFS at the meeting, should I now be thinking of using Samba instead (so that portmapper doesn't have to be started)? I like the ability to back up from a genuine Linux filesystem (to preserve permissions on the networked machines).

Simon, can you remind me how to test the firewall on this connection? I can connect the laptop via a different ISP using the modem, but what do I need and what should I look for, once I've found the IP of the active ISDN connection from inside the LAN?

> state of your port 135, I just have ipchains set to DENY.

This is just to save effort, right? Linux RPC is on 111 (also listed for 369 and 530) and I've got nothing for 135 in /etc/services.

> One time the payload will be malicious and a lot of people will be
> restoring data from tapes or wishing they could.

Maybe then people will listen?

--
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
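Added example, not part of the original message: a small audit script that reads `rpcinfo -p` output and lists the ports that RPC services registered with the portmapper are listening on, which is why filtering port 111 alone does not cover an NFS host. The sample listing is constructed for illustration, and the function names are hypothetical.

```python
"""Audit sketch: which ports do portmapper-registered RPC services listen on?"""

# Constructed sample in the format printed by `rpcinfo -p` (not from the thread).
SAMPLE_RPCINFO = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  32771  mountd
    100005    1   tcp  32772  mountd
    100021    1   udp  32773  nlockmgr
"""

PORTMAPPER_PORT = 111


def parse_rpcinfo(text):
    """Return a sorted list of unique (proto, port, service) registrations."""
    seen = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows have 4 or 5 columns and start with a numeric program id.
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        proto, port = fields[2], int(fields[3])
        name = fields[4] if len(fields) > 4 else fields[0]
        seen.add((proto, port, name))
    return sorted(seen)


def exposed_beyond_111(registrations):
    """Registrations still reachable when only port 111 is firewalled."""
    return [r for r in registrations if r[1] != PORTMAPPER_PORT]


def deny_rules(registrations):
    """Render each unique proto/port pair for a firewall deny list."""
    pairs = sorted({(proto, port) for proto, port, _ in registrations})
    return [f"{proto}/{port}" for proto, port in pairs]


if __name__ == "__main__":
    regs = parse_rpcinfo(SAMPLE_RPCINFO)
    for proto, port, name in exposed_beyond_111(regs):
        print(f"{name:<12} {proto}/{port}")
    print("deny list:", ", ".join(deny_rules(regs)))
```

Dynamically assigned ports can change when a service restarts, so the resulting list is a snapshot; a default-deny rule on the external interface does not depend on it.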