Subject: libwrap (was Re: amd vulnerability: patch for 1.3.3)
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: Brian C. Grayson <bgrayson@marvin.ece.utexas.edu>
List: tech-security
Date: 10/17/1999 23:25:34
Message-ID: <19991017232534.A14455@marvin.ece.utexas.edu>
Date: Sun, 17 Oct 1999 23:25:34 -0500
To: Manuel Bouyer <bouyer@antioche.lip6.fr>, tech-security@netbsd.org
References: <19990927214555.A5426@antioche.lip6.fr>
In-Reply-To: <19990927214555.A5426@antioche.lip6.fr>; from Manuel Bouyer on Mon, Sep 27, 1999 at 09:45:55PM +0200

  Our machines have been experiencing the amd attack for a few
weeks.  As a temporary workaround until I can reinstall/upgrade,
I tried to use libwrap to refuse connections to amq from outside.
However, it doesn't seem to work.  Could someone please tell me
what I'm doing wrong?  :)

Steps on machine k9:

kill `ps -ax | awk '{if ($5 == "portmap") print $1}'`
kill `ps -ax | awk '{if ($5 == "amd") print $1}'`
echo "amd : ALL EXCEPT localhost k9" > /etc/hosts.deny
rm /etc/hosts.allow
portmap -l
amd -p -a /a /amd /etc/amd.home.map
rpcinfo -p	##  Good, service registered.
amq		##  Expected output.

From another machine, marvin:

amq -h k9
##  AACK!  The other machine was able to perform the action!


  I've tried to disable rup and rusers, to no avail.  So which
crucial part of libwrap am I not doing right?  This machine is
running NetBSD-1.4K kernel, with userland from the ELF upgrade
from July or August.  I tried compiling a -current portmap, with
no change.

  TIA!

  Brian Grayson
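
Added example (not part of the original message, and not libwrap's own code): a small evaluator for the hosts.deny line in the steps above, following the hosts_access(5) rules for daemon lists, the ALL wildcard, EXCEPT, and the allow-then-deny order. It handles literal host names only, and the short client names "marvin", "k9" and "localhost" are assumptions about how the callers would be resolved.

```python
import re

# Constructed inputs: the one-line hosts.deny from the steps above, and an
# empty hosts.allow (the steps remove the file; a missing table counts as empty).
HOSTS_DENY = "amd : ALL EXCEPT localhost k9\n"
HOSTS_ALLOW = ""

def split_list(text):
    """Lists are separated by blanks and/or commas."""
    return [tok for tok in re.split(r"[,\s]+", text.strip()) if tok]

def list_match(tokens, name):
    """'list_1 EXCEPT list_2' matches what list_1 matches unless list_2 does."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_match(tokens[:i], name) and not list_match(tokens[i + 1:], name)
    return any(tok == "ALL" or tok.lower() == name.lower() for tok in tokens)

def rule_matches(line, daemon, client):
    """True when a 'daemon_list : client_list' line matches the pair."""
    line = line.strip()
    if not line or line.startswith("#") or ":" not in line:
        return False
    daemons, clients = line.split(":", 2)[:2]
    return (list_match(split_list(daemons), daemon)
            and list_match(split_list(clients), client))

def access_granted(allow, deny, daemon, client):
    """A hosts.allow match grants; else a hosts.deny match denies; else grant."""
    if any(rule_matches(l, daemon, client) for l in allow.splitlines()):
        return True
    if any(rule_matches(l, daemon, client) for l in deny.splitlines()):
        return False
    return True

def demo():
    """Evaluate the constructed (daemon, client) pairs against the tables."""
    pairs = [("amd", "marvin"), ("amd", "k9"),
             ("amd", "localhost"), ("portmap", "marvin")]
    return {p: access_granted(HOSTS_ALLOW, HOSTS_DENY, *p) for p in pairs}

if __name__ == "__main__":
    for (daemon, client), ok in demo().items():
        print(f"{daemon:8} from {client:10} -> {'granted' if ok else 'denied'}")
```

The tables only take effect in a process that calls libwrap's hosts_access() (or is started through tcpd) under the daemon name the rule uses; the evaluator assumes that call happens, which the message does not establish.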