Gnome2 hangs on startup
Joe Marcus Clarke
marcus at marcuscom.com
Sun Oct 10 21:53:58 PDT 2004
On Sun, 2004-10-10 at 01:00, Randy Bush wrote:
> > If you firewall off TCP and UDP 111, and only allow local hosts to
> > connect (maybe _just_ localhost) you should never have a problem with
> > it.
>
> well, as a security friend sez
>
> One more thing: if you're running rpcbind, you're presumably
> running some other service that talks to it. You need to block
> its port(s), too.
>
> so, what else needs blocking?
I was assuming you would otherwise be properly firewalled, and only
allowing in connections to a small set of known ports. However, I
believe FAM listens on random high TCP ports.
>
> and, btw, you can't just block 111 from non-127/8. you could get
> an attack toward your 127/8. you need to block 127/8 after
> allowing lo0.
Of course. The standard client ipfw profile should provide you with
enough protection.
Joe
>
> and that's why i hate this stuff.
>
> randy
--
PGP Key : http://www.marcuscom.com/pgp.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-gnome/attachments/20041011/5e2d7376/attachment.bin
More information about the freebsd-gnome
mailing list