[Dshield] subnets, labrea, and sunrpc
ms at mbshafer.com
Sun Mar 24 21:55:13 GMT 2002
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
Sent: Saturday, March 23, 2002 9:30 PM
To: list at dshield.org
Subject: [Dshield] subnets, labrea, and sunrpc
>doesn't do make install, only make. I have no idea where it went, I
>looked in all those places.
"man find" will prove useful
>Well I had to tighten this computer up first anyway, that was my first
>linux install and though pretty it wasn't real secure. Had to start
true enough!:) RH is a nice distro but isn't real secure "out of the
box." Needs lots of hardening.
>never land I got the hint... sunrpc connecting to some 216.xxx (a
>webbot?) address all day... what is sunrpc is probably a much better
RPC = remote procedure call - protocol used for such items as
NFS-typically on port 111. Security wise a very commonly exploited
service. The bad boys & gals commonly scan the net for RPC111. I see
about 30+ hits per week on my firewall for 111.
A tremendous resource are the linux how tos and other guides at
For starters may I suggest a complete read of (in order given):
As to guides:
Linux System Admin Guide (Wirzenius et al)
Linux Network Admin's Guide (Kirch/Dawson)
Securing and Optimizing Linux RH Ed.
Also as per the excellent suggestion consider installing an
"off-the-shelf" firewall solution. An unsecured linux box (or any other)
on the net is both a nuisance to the net and a potential liability to
it's owner. While this is a newly developing area of law increasingly
the thinking is moving towards holding to some degree of liability the
owners/administrators of systems that are used to attack other systems.
And as disclaimers seem to be also necessary these days no I'm not a
lawyer and this isn't legal advise! :)
Lastly I always run an nmap scan on my own and clients' systems every
couple of weeks and always use one of the online scans for every new
install I do for clients.
More information about the list