[Dshield] subnets, labrea, and sunrpc

mbshafer ms at mbshafer.com
Sun Mar 24 21:55:13 GMT 2002


-----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On Behalf
Of Susan
Sent: Saturday, March 23, 2002 9:30 PM
To: list at dshield.org
Subject: [Dshield] subnets, labrea, and sunrpc


>doesn't do make install, only make. I have no idea where it went, I 
>looked in all those places.

"man slocate"
"man locate"
"man find"		 will prove useful


>Well I had to tighten this computer up first anyway, that was my first 
>linux install and though pretty it wasn't real secure. Had to start
>somewhere..

True enough! :) RH is a nice distro but isn't real secure "out of the
box." Needs lots of hardening. 

>never land I got the hint... sunrpc connecting to some 216.xxx (a
>google webbot?) address all day... what is sunrpc is probably a much better 
>question.

RPC = remote procedure call - protocol used for such items as
NFS, typically on port 111. Security-wise, a very commonly exploited
service. The bad boys & gals commonly scan the net for RPC111. I see
about 30+ hits per week on my firewall for 111.


The Linux HOWTOs and other guides at http://www.linuxdoc.org are a
tremendous resource.
For starters may I suggest a complete read of (in order given):

Networking-Overview-HOWTO
Net-HOWTO
Security-Quickstart-HOWTO
Security-HOWTO
Security-Quickstart-Redhat-HOWTO

As to guides:

Linux System Admin Guide (Wirzenius et al)
Linux Network Admin's Guide (Kirch/Dawson)
Securing and Optimizing Linux RH Ed.



Also as per the excellent suggestion consider installing an
"off-the-shelf" firewall solution. An unsecured linux box (or any other)
on the net is both a nuisance to the net and a potential liability to
its owner. While this is a newly developing area of law increasingly
the thinking is moving towards holding to some degree of liability the
owners/administrators of systems that are used to attack other systems.
And as disclaimers seem to be also necessary these days no I'm not a
lawyer and this isn't legal advice! :)

Lastly I always run an nmap scan on my own and clients' systems every
couple of weeks and always use one of the online scans for every new
install I do for clients.


Regards,

Mike Shafer
Pittsburgh, PA, USA





