HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers
    HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers  
underh20.scubadiving@gmail.com


03-14-07 12:17 AM

We have servers running Solaris 8, 9 or 10. Our management wants us to
restrict access to TCP and UDP port 111 where portmapper is
listening.
Can one stop the "rpcbind" service? If not, what's the workaround to
block this port?

The "lsof -i:111" output below indicates the PID to be owned by
/usr/sbin/rpcbind. Can someone reassign rpcbind to run on another port or
stop it entirely?


# rpcinfo -p
program vers proto   port  service
100000    4   tcp    111  rpcbind
100000    3   tcp    111  rpcbind
100000    2   tcp    111  rpcbind
100000    4   udp    111  rpcbind
100000    3   udp    111  rpcbind
100000    2   udp    111  rpcbind


# lsof -i:111
COMMAND PID USER   FD   TYPE        DEVICE SIZE/OFF NODE NAME
rpcbind 517 root    3u  IPv4 0x30000435838      0t0  UDP *:sunrpc (Idle)
rpcbind 517 root    6u  IPv4 0x300001caf30      0t0  TCP *:sunrpc (LISTEN)


# ps -ef | grep 517
root   517     1  0   Mar 13?     0:00 /usr/sbin/rpcbind


Thanks for your assistance,

Bill






    Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers  
Mr. G D Geen


03-14-07 12:17 AM

underh20.scubadiving@gmail.com wrote:
> We have servers running solaris 8, 9 or 10. Our mgnt wants us to
> restrict access to TCP and UDP ports 111 where portmapper is
> listening.
> Can one stop the "rpcbind" service ?  If not, what's the workaround to
> block this port ?
>
> The "lsof -i:111" output below indicates the PID to be owned by /usr/
> sbin/rpcbind.  Can someone reassign rpcbind to run on another port or
> stop it entirely?
>

Do you or your management understand the purpose of the RPC port?  Do
you understand how many networking protocols use RPC?  If you run NIS or
NIS+, or NFS you need the RPC.  Other software such as Oracle uses RPC.
Check /etc/rpc for a list of protocols.

In Solaris 10, you use `svcadm disable network/rpc/bind:default`
For a list of rpc services, `svcs -a |grep rpc`

-G





    Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers  
Oscar del Rio


03-14-07 12:17 AM

underh20.scubadiving@gmail.com wrote:
> We have servers running solaris 8, 9 or 10. Our mgnt wants us to
> restrict access to TCP and UDP ports 111 where portmapper is
> listening.

Easy, block access with ipfilter.
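An added example, not code from the thread, of the approach the replies converge on (keep rpcbind running, restrict who can reach it): a small sh script that parses `rpcinfo -p` output into the distinct ports RPC programs listen on, which is G's point that far more than port 111 depends on RPC, and that emits ipfilter rules allowing TCP/UDP 111 only from trusted networks. The interface name `hme0`, the network `10.1.2.0/24`, and the nfs/mountd sample lines are assumptions; the reload commands in the trailing comment are the usual Solaris 10 ones and are not executed by the script.

```shell
#!/bin/sh
# Added example, not code from the thread. Two helpers for the approach the
# replies converge on: keep rpcbind running, restrict who can reach it.
#   rpc_ports     - parse "rpcinfo -p" output into distinct "proto port service"
#                   lines, showing every port RPC programs listen on, not just 111.
#   ipf_rules_for - emit ipfilter (ipf.conf) rules that pass TCP/UDP 111 only
#                   from trusted networks and block it from everyone else.

# Constructed sample: the six rpcbind lines are from the original post; the
# nfs and mountd lines are added to show RPC services bound to other ports.
SAMPLE_RPCINFO='program vers proto   port  service
100000    4   tcp    111  rpcbind
100000    3   tcp    111  rpcbind
100000    2   tcp    111  rpcbind
100000    4   udp    111  rpcbind
100000    3   udp    111  rpcbind
100000    2   udp    111  rpcbind
100003    3   tcp   2049  nfs
100005    1   udp  32772  mountd'

# Print "proto port service" once per distinct (proto, port) pair, skipping
# the header line and keeping the order in which rpcinfo listed them.
rpc_ports() {
    printf '%s\n' "$1" | awk 'NR > 1 && !seen[$3 FS $4]++ { print $3, $4, $5 }'
}

# Emit ipf rules for interface $1; remaining arguments are trusted networks
# in CIDR form. "quick" makes the first matching rule final, so the trailing
# block rule only catches sources that no pass rule admitted.
ipf_rules_for() {
    ifc=$1
    shift
    for net in "$@"; do
        printf 'pass in quick on %s proto tcp from %s to any port = 111 flags S keep state\n' "$ifc" "$net"
        printf 'pass in quick on %s proto udp from %s to any port = 111 keep state\n' "$ifc" "$net"
    done
    printf 'block in log quick on %s proto tcp/udp from any to any port = 111\n' "$ifc"
}

# Stand-alone demo with placeholder interface and network (assumptions).
# To use the rules on Solaris 10: append them to /etc/ipf/ipf.conf, then
#   svcadm enable network/ipfilter     (if not already running)
#   ipf -Fa -f /etc/ipf/ipf.conf       (flush and reload the rule set)
echo "RPC listeners (proto port service):"
rpc_ports "$SAMPLE_RPCINFO"
echo
echo "ipf.conf rules for hme0, trusting 10.1.2.0/24 only:"
ipf_rules_for hme0 10.1.2.0/24
```

Blocking port 111 alone does not hide the services rpcbind registers (nfs on 2049, mountd on its dynamic port), so the same trusted-network rules should be extended to those ports too.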





    Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers  
Thommy M. Malmström


03-14-07 06:24 PM

underh20.scubadiving@gmail.com wrote:
> We have servers running solaris 8, 9 or 10. Our mgnt wants us to
> restrict access to TCP and UDP ports 111 where portmapper is
> listening.

man hosts.allow



> Can one stop the "rpcbind" service ?  If not, what's the workaround to
> block this port ?
>

Don't block it. Too much depends on it. Deny access in a controlled way.


> The "lsof -i:111" output below indicates the PID to be owned by /usr/
> sbin/rpcbind.  Can someone reassign rpcbind to run on another port or
> stop it entirely?
>
>
> # rpcinfo -p
>    program vers proto   port  service
>     100000    4   tcp    111  rpcbind
>     100000    3   tcp    111  rpcbind
>     100000    2   tcp    111  rpcbind
>     100000    4   udp    111  rpcbind
>     100000    3   udp    111  rpcbind
>     100000    2   udp    111  rpcbind
>
>
> # lsof -i:111
> COMMAND PID USER   FD   TYPE        DEVICE SIZE/OFF NODE NAME
> rpcbind 517 root    3u  IPv4 0x30000435838      0t0  UDP *:sunrpc
> (Idle)
> rpcbind 517 root    6u  IPv4 0x300001caf30      0t0  TCP *:sunrpc
> (LISTEN)
>
>
> # ps -ef | grep 517
>     root   517     1  0   Mar 13?     0:00 /usr/sbin/rpcbind
>
>
> Thanks for your assistance,
>
> Bill
>





    Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers  
Oscar del Rio


03-14-07 06:24 PM

Thommy M. Malmström wrote:
> underh20.scubadiving@gmail.com wrote: 
>
> man hosts.allow

Not in Solaris 8 (probably not in Solaris 9 either) unless you
replace the rpcbind binary with a version that is tcpwrapper aware.





    Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers  
Thommy M.


03-16-07 12:24 AM

Oscar del Rio wrote:
> Thommy M. Malmström wrote: 
>
> Not in Solaris 8 (probably not in Solaris 9 either) unless you
> replace the rpcbind binary with a version that is tcpwrapper aware.

Man, am I forgetting fast... You're right. But there are ssh packages for
that available.





    Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers  
Richard B. gilbert


03-16-07 06:19 PM

Mr. G D Geen wrote:
> underh20.scubadiving@gmail.com wrote:
> 
>
> Do you or your management understand the purpose of the RPC port?  Do
> you understand how many networking protocols use RPC?  If you run NIS or
> NIS+, or NFS you need the RPC.  Other software such as Oracle uses RPC.
> Check /etc/rpc for a list of protocols.
>
> In Solaris 10, you use `svcadm disable network/rpc/bind:default`
> For a list of rpc services, `svcs -a |grep rpc`
>
> -G

I'd suggest a "white mutiny" policy here.  If management insists, get it
in writing and comply!  Blind obedience and management can then live
with the consequences.

Another alternative is to look for a job at a company with smarter
management.







    Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers  
Michael Vilain


03-17-07 06:27 AM

In article <45FAAF6E.1040003@comcast.net>,
"Richard B. gilbert" <rgilbert88@comcast.net> wrote:

> Mr. G D Geen wrote: 
>
> I'd suggest a "white mutiny" policy here.  If management insists, get it
>   in writing and comply!  Blind obedience and management can then live
> with the consequences.
>
> Another alternative is to look for a job at a company with smarter
> management.

Something like this happened to a colleague when he was an admin at LSI
Logic.  Their network was a real hodgepodge of bridged segments that
sort of grew out of unplanned primordial slime.  They had a really
dangerous numbnuts for a boss who thought he knew about network design
and security.

Numbnuts ordered a router between 2 networks to be configured to no
longer bridge the two segments.  The admin told him "that's not a good
idea and here's why".  He even wrote a full document on why and cc-ed
Numbnuts' boss.   He was told "Just do it." by the enraged boss.  So the
admin did.  Then he went on a 2-week vacation, knowing that, since he was
the only person who knew the network topology and how to fix the routers,
the change would cause two departments to become totally isolated.

When the admin got back, he was ordered into Numbnuts' office, where he
promptly handed the guy his letter of resignation.  It seems the boss
was going to fire him for "screwing up their network" for two weeks.  HR
sympathized with the admin at his exit interview that he was just
"following orders", but he could have done it in a more politically
astute way.

Within a month of this incident, the entire system admin staff quit and
walked out en masse.  Before LSI Logic restaffed, I think they found
another opportunity for Numbnuts--one that involved no direct reports.

Having it in writing won't make it any easier to fire you.  It may get
you some money if you sue for wrongful termination.  But that's sort of
a career limiting move, don't you think?

--
DeeDee, don't press that button!  DeeDee!  NO!  Dee...







