Firewall Wizards mailing list archives
Re: Disabling RPC on a Sun U-60 (fwd)
From: Nicholas Tang <ntang () nachtwache org>
Date: Tue, 11 Apr 2000 20:46:03 -0400 (EDT)
A few people have asked if NIS is running on these boxes. The answer is no - they're firewalls after all - so that's not the problem. They're running essentially no services except telnet, ftp, (both tcp wrapper-ed) and ssh.

Question: do they need to have _any_ name service? They aren't even pointing at DNS servers yet, but it seems to me (and I could be wrong) that while it shouldn't be an issue - telnet/ftp/ssh'ing into the box might be a little slower initially as it tries to do a reverse lookup and fails, but it shouldn't prevent it. I know I've done it in the past on other unixes without problems.

Nicholas

---------- Forwarded message ----------
Date: Tue, 11 Apr 2000 13:26:01 -0400
From: Steven M. Bellovin <smb () research att com>
To: Nicholas Tang <ntang () nachtwache org>
Subject: Re: [fw-wiz] Disabling RPC on a Sun U-60

In message <Pine.LNX.4.21.0004051725440.10528-100000 () obijuan megapath net>, Nicholas Tang writes:
I was just asked a question, and I didn't know the answer, but I figured someone on here must. Our security admin has had repeated problems with disabling RPC on Sun Ultra-60's running Solaris 2.6. After disabling it, he says telnet and some other tcp services start hanging. Does anyone have any idea why? The services are all running through inetd and without TCP Wrappers (yet). I don't recall ever seeing that before but he says every U-60 he's used has done that.
At a guess, the problem is that host name and address resolution are being done via NIS, which in turn requires RPC. Reconfigure to use the DNS directly and you shouldn't have that problem.

--Steve Bellovin
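A check for the dependency guessed at in the forwarded reply, as an added example that is not part of the original thread: it assumes the lookup order is kept in an nsswitch.conf-format file (as on Solaris) and lists every database that still names the RPC-based `nis` or `nisplus` sources. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report name-service databases whose sources depend on RPC.
# Assumption: the file uses nsswitch.conf syntax,
#   database: source [criteria] source ...

# rpc_dependent_dbs [FILE]
# Prints "database: source" for each nis/nisplus source found.
# Reads standard input when no FILE is given.
rpc_dependent_dbs() {
    awk '
        {
            sub(/#.*/, "")        # drop comments
            sub(/:/, " ")         # split "hosts:nis" as well as "hosts: nis"
        }
        /^[ \t]*$/ { next }       # skip blank and comment-only lines
        {
            db = $1
            for (i = 2; i <= NF; i++)
                if ($i == "nis" || $i == "nisplus")
                    print db ": " $i
        }
    ' "${1:--}"
}

# Constructed sample input, not taken from the hosts discussed in the thread.
sample_conf() {
    cat <<'EOF'
# constructed sample
passwd:     files
hosts:      nis [NOTFOUND=return] files
services:files nisplus
networks:   files dns   # nis is only mentioned in this comment
EOF
}

# Run the check over the constructed sample.
demo() {
    sample_conf | rpc_dependent_dbs
}

demo
```

On a real host, `rpc_dependent_dbs /etc/nsswitch.conf` printing nothing means no configured lookup source needs the RPC-based NIS services.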