Firewall Wizards mailing list archives

Re: Disabling RPC on a Sun U-60 (fwd)


From: Nicholas Tang <ntang () nachtwache org>
Date: Tue, 11 Apr 2000 20:46:03 -0400 (EDT)

A few people have asked if NIS is running on these boxes.  The answer is
no - they're firewalls after all - so that's not the problem.  They're
running essentially no services except telnet, ftp, (both tcp
wrapper-ed) and ssh.

Question: do they need to have _any_ name service?  They aren't even
pointing at DNS servers yet, but it seems to me (and I could be wrong)
that while it shouldn't be an issue - telnet/ftp/ssh'ing into the box
might be a little slower initially as it tries to do a reverse lookup and
fails, but it shouldn't prevent it.  I know I've done it in the past on
other unixes without problems.

Nicholas

---------- Forwarded message ----------
Date: Tue, 11 Apr 2000 13:26:01 -0400
From: Steven M. Bellovin <smb () research att com>
To: Nicholas Tang <ntang () nachtwache org>
Subject: Re: [fw-wiz] Disabling RPC on a Sun U-60 

In message <Pine.LNX.4.21.0004051725440.10528-100000 () obijuan megapath net>, Nicholas Tang writes:
I was just asked a question, and I didn't know the answer, but I figured
someone on here must.

Our security admin has had repeated problems with disabling RPC on Sun
Ultra-60's running Solaris 2.6.  After disabling it, he says telnet and
some other tcp services start hanging.

Does anyone have any idea why?  The services are all running through inetd
and without TCP Wrappers (yet).  I don't recall ever seeing that before
but he says every U-60 he's used has done that.

At a guess, the problem is that host name and address resolution are being 
done via NIS, which in turn requires RPC.  Reconfigure to use the DNS directly 
and you shouldn't have that problem.

                --Steve Bellovin
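
The check Bellovin's reply points to, as an added example that is not part of either message: a shell function that reads an nsswitch.conf-style file and lists the databases that consult NIS or NIS+, both of which need RPC. The function name and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: find name-service databases whose lookups depend on RPC.
# The nis and nisplus sources reach their servers over RPC, so lookups
# through them stall or fail once RPC is disabled; files and dns do not.

rpc_dependent_dbs() {
    # $1 = path to an nsswitch.conf-style file
    # Prints one "database source[,source]" line per affected database.
    awk '
        { sub(/#.*/, "") }                      # strip comments
        {
            c = index($0, ":")
            if (c == 0) next                    # not a "database: sources" line
            db = substr($0, 1, c - 1)
            gsub(/[ \t]/, "", db)
            n = split(substr($0, c + 1), src, /[ \t]+/)
            hit = ""
            for (i = 1; i <= n; i++) {
                # criteria such as [NOTFOUND=return] never equal a source name
                if (src[i] == "nis" || src[i] == "nisplus")
                    hit = hit (hit ? "," : "") src[i]
            }
            if (hit != "") print db, hit
        }
    ' "$1"
}

# Constructed sample, not taken from the hosts discussed in this thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files
hosts:      nis [NOTFOUND=return] files
services:   files nisplus
networks:   files
EOF
rpc_dependent_dbs "$sample"
rm -f "$sample"
```

An empty result for the real /etc/nsswitch.conf means no database is configured to go through NIS or NIS+, so the cause of the hang lies elsewhere.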



