Subject: libwrap (was Re: amd vulnerability: patch for 1.3.3)
To: Manuel Bouyer <>
From: Brian C. Grayson <>
List: tech-security
Date: 10/17/1999 23:25:34
  by with SMTP; 18 Oct 1999 04:25:39 -0000
Message-ID: <>
Date: Sun, 17 Oct 1999 23:25:34 -0500
From: "Brian C. Grayson" <>
To: Manuel Bouyer <>,
Subject: libwrap (was Re: amd vulnerability: patch for 1.3.3)
References: <>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <>; from Manuel Bouyer on Mon, Sep 27, 1999 at 09:45:55PM +0200

  Our machines have been experiencing the amd attack for a few
weeks.  As a temporary workaround until I can reinstall/upgrade,
I tried to use libwrap to refuse connections to amq from outside.
However, it doesn't seem to work.  Could someone please tell me
what I'm doing wrong?  :)

Steps on machine k9:

kill `ps -ax | awk '{if ($5 == "portmap") print $1}'`
kill `ps -ax | awk '{if ($5 == "amd") print $1}'`
echo "amd : ALL EXCEPT localhost k9" > /etc/hosts.deny
rm /etc/hosts.allow
portmap -l
amd -p -a /a /amd /etc/
rpcinfo -p	##  Good, service registered.
amq		##  Expected output.

>From another machine, marvin:

amq -h k9
##  AACK!  The other machine was able to perform the action!

  I've tried to disable rup and rusers, to no avail.  So which
crucial part of libwrap am I not doing right?  This machine is
running NetBSD-1.4K kernel, with userland from the ELF upgrade
from July or August.  I tried compiling a -current portmap, with
no change.


  Brian Grayson