On Sat, Aug 19, 2000 at 06:29:09AM -0500, Richard Rauch wrote:
   > I've seen a number of log messages in /var/log/authlog of the form
   > ``rpcbind: connect from 216.123.160.11 to dump()''.  (I'm running rpcbind
   > since I'm currently using NFS.  I assume that I only need rpcbind running
   > on the NFS server, correct?)
   > 

[snip]

   >  * Is there a simple way that I can disable this without impairing NFS?

   Not really

   >    (Or, alternatively, a way that I can blacklist addresses from any
   >    network contact?)

   If you're not behind a filtering router (how comes there are still machines not
   protected by a filtering router these days ? :) you can use ipf on you machine
   to restrict access to some services. This is the best solution.

   --
   Manuel Bouyer <bouyer@antioche.eu.org>
   --





Depending on how far you are willing to go, something like this:


portmap: ALL EXCEPT .my.domain.org, localhost


in the /etc/hosts.deny file on the NFS server can do wonders in stopping
RPC scanning.  If you attempt 'rpcinfo -p machine.with.above.org' you get
fairly uninteresting results.




Brad Spencer - brad@anduin.eldar.org   http://anduin.eldar.org
[finger brad@anduin.eldar.org for PGP public key]