NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.
To learn about what's going on, see About the Archive Site.
Since most ldm users are putting port 388 tcp/udp in the /etc/services file, the firewalling software can just allow traffic to/from that port. However, for those of us not using port 388, we need to use smarter firewall software that can determine what type of packet it is, and route it accordingly. The one disadvantage to this approach being all rpc traffic is let through the firewall. On the other hand, by specifying a port in the /etc/services file, there is no reason to use the rpc protocol. Either way, it can be done. Brad Teale Universal Weather & Aviation, Inc. <mailto:bteale@xxxxxxxxxxxx> 713-944-1440 ext. 3623 -----Original Message----- Sent: Tuesday, May 15, 2001 1:40 PM Hi folks, I'm sure everyone is aware of the ever increasing number of worms and other security compromises that are happening on the 'net these days. The local security folks here want to put a blanket filter on our internet connection for inbound port 111. The idea is that by filtering port 111, they make it just a bit harder for the various miscreants to find vulnerable RPC services. I'm trying to understand what effects that will have on our LDM servers. I vaguely remember running ldm for a while without having the /etc/rpc file edited properly, but that was a long time ago. I'm thinking we'll be able to connect to other servers, but nobody will be able to connect to us. Longer term, has anyone considered what will happen with LDM as firewalls, proxy servers and other security measures become more prevalent? RPC isn't the most firewall friendly protocol ever invented. -JEff
ldm-users archives: