HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers - Unix


  1. HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers

    We have servers running solaris 8, 9 or 10. Our mgnt wants us to
    restrict access to TCP and UDP ports 111 where portmapper is
    listening.
    Can one stop the "rpcbind" service ? If not, what's the workaround to
    block this port ?

    The "lsof -i:111" output below indicates the PID to be owned by
    /usr/sbin/rpcbind. Can someone reassign rpcbind to run on another port or
    stop it entirely?


    # rpcinfo -p
    program vers proto port service
    100000 4 tcp 111 rpcbind
    100000 3 tcp 111 rpcbind
    100000 2 tcp 111 rpcbind
    100000 4 udp 111 rpcbind
    100000 3 udp 111 rpcbind
    100000 2 udp 111 rpcbind


    # lsof -i:111
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    rpcbind 517 root 3u IPv4 0x30000435838 0t0 UDP *:sunrpc (Idle)
    rpcbind 517 root 6u IPv4 0x300001caf30 0t0 TCP *:sunrpc (LISTEN)


    # ps -ef | grep 517
    root 517 1 0 Mar 13 ? 0:00 /usr/sbin/rpcbind


    Thanks for your assistance,

    Bill


  2. Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers

    underh20.scubadiving@gmail.com wrote:
    > We have servers running solaris 8, 9 or 10. Our mgnt wants us to
    > restrict access to TCP and UDP ports 111 where portmapper is
    > listening.
    > Can one stop the "rpcbind" service ? If not, what's the workaround to
    > block this port ?
    >
    > The "lsof -i:111" output below indicates the PID to be owned by
    > /usr/sbin/rpcbind. Can someone reassign rpcbind to run on another port or
    > stop it entirely?
    >


    Do you or your management understand the purpose of the RPC port? Do
    you understand how many networking protocols use RPC? If you run NIS or
    NIS+, or NFS you need the RPC. Other software such as Oracle use RPC.
    Check /etc/rpc for a list of protocols.

    In Solaris 10, you use `svcadm disable svc:/network/rpc/bind:default`
    For a list of rpc services, `svcs -a |grep rpc`

    -G

  3. Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers

    underh20.scubadiving@gmail.com wrote:
    > We have servers running solaris 8, 9 or 10. Our mgnt wants us to
    > restrict access to TCP and UDP ports 111 where portmapper is
    > listening.


    easy, block access with ipfilter.

  4. Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers

    On Mar 13, 7:28 pm, underh20.scubadiv...@gmail.com wrote:

    > Can one stop the "rpcbind" service ? If not, what's the workaround to
    > block this port ?


    You can probably stop it, but if you do then no RPC-based servers will
    work, so things like NFS and NIS will not work. On pre-10 machines
    you'd need to find the init script which runs it, on 10 (and after...)
    it will be a service and svcadm would stop it. You cannot run it on
    another port because RPC clients know to talk to this port.

    I would *strongly* suggest trying to stop it on a scratch machine
    first to see if the machine vaguely works: it's not clear to me that
    it will. For instance on a Solaris 10 machine I have there are 19
    services which depend on rpcbind, including
    svc:/milestone/multi-user:default, so if I disable it I imagine the
    machine will not be able to come up multiuser.

    A better approach might be a firewall which blocks that port.

    --tim
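
Added example, not part of the thread or any poster's code: the two checks discussed above, first listing which RPC programs registered with rpcbind would break if it were disabled, then emitting IP Filter rules that restrict port 111 to trusted networks instead of blocking it outright. The function names, the `bge0` interface, the 192.0.2.0/24 network and the sample `rpcinfo -p` output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All names and sample values below are constructed.

# Constructed `rpcinfo -p` output from a host that also serves NFS.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100024    1   udp  32772  status
    100021    4   tcp   4045  nlockmgr
    100005    3   udp  32790  mountd
    100005    3   tcp  32781  mountd
    100003    3   tcp   2049  nfs'

# rpc_consumers: read `rpcinfo -p` output on stdin and print, sorted and
# de-duplicated, every registered RPC program other than rpcbind itself
# (program number 100000). Each name printed is a service that clients
# can no longer locate once rpcbind is stopped.
rpc_consumers() {
    awk '$1 ~ /^[0-9]+$/ && $1 != 100000 {
             # programs without a name in /etc/rpc keep their number
             name = ($5 != "") ? $5 : "prog-" $1
             print name
         }' | sort -u
}

# rpcbind_ipf_rules IFACE NET...: print ipf.conf rules that let only the
# listed networks reach TCP/UDP port 111 on IFACE and drop all other
# sources. "quick" stops rule evaluation at the first match, so the
# pass rules must come before the final block rule.
rpcbind_ipf_rules() {
    iface=$1; shift
    for net in "$@"; do
        echo "pass in quick on $iface proto tcp/udp from $net to any port = 111 keep state"
    done
    echo "block in quick on $iface proto tcp/udp from any to any port = 111"
}

# Typical use on the server itself (assumed interface and network):
#   rpcinfo -p | rpc_consumers
#   rpcbind_ipf_rules bge0 192.0.2.0/24 >> /etc/ipf/ipf.conf
#   ipf -Fa -f /etc/ipf/ipf.conf && ipfstat -io
```

On Solaris 10, `svcs -D svc:/network/rpc/bind:default` lists the SMF services that depend on rpcbind. Filtering port 111 only hides the port lookup; the RPC services themselves still listen on their own ports and need their own rules.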



  5. Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers

    Or use hosts.allow...

    -Mark



  6. Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers

    underh20.scubadiving@gmail.com wrote:
    > We have servers running solaris 8, 9 or 10. Our mgnt wants us to
    > restrict access to TCP and UDP ports 111 where portmapper is
    > listening.


    man hosts.allow



    > Can one stop the "rpcbind" service ? If not, what's the workaround to
    > block this port ?
    >


    Don't block it. Too much depends on it. Deny access in a controlled way.


    > The "lsof -i:111" output below indicates the PID to be owned by
    > /usr/sbin/rpcbind. Can someone reassign rpcbind to run on another port or
    > stop it entirely?
    >
    >
    > # rpcinfo -p
    > program vers proto port service
    > 100000 4 tcp 111 rpcbind
    > 100000 3 tcp 111 rpcbind
    > 100000 2 tcp 111 rpcbind
    > 100000 4 udp 111 rpcbind
    > 100000 3 udp 111 rpcbind
    > 100000 2 udp 111 rpcbind
    >
    >
    > # lsof -i:111
    > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    > rpcbind 517 root 3u IPv4 0x30000435838 0t0 UDP *:sunrpc (Idle)
    > rpcbind 517 root 6u IPv4 0x300001caf30 0t0 TCP *:sunrpc (LISTEN)
    >
    >
    > # ps -ef | grep 517
    > root 517 1 0 Mar 13 ? 0:00 /usr/sbin/rpcbind
    >
    >
    > Thanks for your assistance,
    >
    > Bill
    >


  7. Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers

    Thommy M. Malmström wrote:
    > underh20.scubadiving@gmail.com wrote:
    >> We have servers running solaris 8, 9 or 10. Our mgnt wants us to
    >> restrict access to TCP and UDP ports 111 where portmapper is
    >> listening.

    >
    > man hosts.allow


    Not in Solaris 8 (probably not in Solaris 9 either) unless you
    replace the rpcbind binary with a version that is tcpwrapper aware.

  8. Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers

    Oscar del Rio wrote:
    > Thommy M. Malmström wrote:
    >> underh20.scubadiving@gmail.com wrote:
    >>> We have servers running solaris 8, 9 or 10. Our mgnt wants us to
    >>> restrict access to TCP and UDP ports 111 where portmapper is
    >>> listening.

    >>
    >> man hosts.allow

    >
    > Not in Solaris 8 (probably not in Solaris 9 either) unless you
    > replace the rpcbind binary with a version that is tcpwrapper aware.


    Man, am I forgetting fast... You're right. But there's ssh packages for
    that available.

  9. Re: HELP !! How to block port 111 - rpcbind at solaris 8,9 10 servers

    Mr. G D Geen wrote:
    > underh20.scubadiving@gmail.com wrote:
    >
    >> We have servers running solaris 8, 9 or 10. Our mgnt wants us to
    >> restrict access to TCP and UDP ports 111 where portmapper is
    >> listening.
    >> Can one stop the "rpcbind" service ? If not, what's the workaround to
    >> block this port ?
    >>
    >> The "lsof -i:111" output below indicates the PID to be owned by
    >> /usr/sbin/rpcbind. Can someone reassign rpcbind to run on another port or
    >> stop it entirely?
    >>

    >
    > Do you or your management understand the purpose of the RPC port? Do
    > you understand how many networking protocols use RPC? If you run NIS or
    > NIS+, or NFS you need the RPC. Other software such as Oracle use RPC.
    > Check /etc/rpc for a list of protocols.
    >
    > In Solaris 10, you use `svcadm disable svc:/network/rpc/bind:default`
    > For a list of rpc services, `svcs -a |grep rpc`
    >
    > -G


    I'd suggest a "white mutiny" policy here. If management insists, get it
    in writing and comply! Blind obedience and management can then live
    with the consequences.

    Another alternative is to look for a job at a company with smarter
    management.


