SUMMARY: security stuff

From: Chad Campbell <>
Date: Thu Oct 11 2001 - 11:40:24 EDT
Original question:

> Does anyone know how to do the following?
> 1. Restrict all RPC traffic to specific subnets or IP addresses (Solaris
> 8).
> 2. Make iPlanet 4.1's server string and OS version unavailable for query
> (Netscape-Enterprise/4.1)


1. There were several solutions presented to me, so here they are:
1a. Replace the Solaris rpcbind with Wietse Venema's rpcbind replacement
that uses the tcp wrapper library to restrict access.  His site is
1b. IP Filter or Sunscreen - ipf source is available from
1c. Several people suggested the block traffic at firewall or router
1d. /var/yp/securenets - c.f. "man securenets", be sure to include - I'm pretty sure this will only secure NIS traffic, but hey,
that's a start
1e. One method would be to implement secure rpc -- doesn't really
address the subnet restriction issue but does allow you to control
access to authorized hosts.

2. There were only a couple of answers for this:
2a. The server identification string is stored in the library and unless you want to open that puppy up with a clean
hex editor, locate the string and then modify the current string (with 
on that is EXACTLY the same size), and then trust that you won't have
any issues with the library, you will probably NOT want to change this.

2b. Use Apache or some other more configurable HTTP server as a
forwarding proxy.

Thanks to:

Todd Fiedler
Julian Simpson
Bill Mooney
John Hilger
Rowan Littell
Brion Moss

Chad Campbell
System Administrator III, Sprint Midrange Support
Received on Thu Oct 11 16:40:24 2001

This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:32:33 EDT