Security issues and LDM

Since most ldm users are putting port 388 tcp/udp in the /etc/services file,
the firewalling software can just allow traffic to/from that port.

However, for those of us not using port 388, we need to use smarter firewall
software that can determine what type of packet it is, and route it
accordingly.  The one disadvantage to this approach being all rpc traffic is
let through the firewall.

On the other hand, by specifying a port in the /etc/services file, there is
no reason to use the rpc protocol.

Either way, it can be done.
Brad Teale
Universal Weather & Aviation, Inc.
<mailto:bteale@xxxxxxxxxxxx>
713-944-1440 ext. 3623

-----Original Message-----
Sent: Tuesday, May 15, 2001 1:40 PM



Hi folks,

I'm sure everyone is aware of the ever increasing number of worms and other 
security compromises that are happening on the 'net these days. The local 
security folks here want to put a blanket filter on our internet 
connection for inbound port 111. The idea is that by filtering port 111,
they 
make it just a bit harder for the various miscreants to find vulnerable RPC 
services. 

I'm trying to understand what effects that will have on our LDM servers. I 
vaguely remember running ldm for a while without having the /etc/rpc file 
edited properly, but that was a long time ago. I'm thinking we'll be able to

connect to other servers, but nobody will be able to connect to us.

Longer term, has anyone considered what will happen with LDM as firewalls, 
proxy servers and other security measures become more prevalent? RPC isn't
the 
most firewall friendly protocol ever invented.


-JEff