Re: em0 hijacking traffic to port 623

From: Ian FREISLICH <ianf_at_clue.co.za>
Date: Tue, 22 May 2007 11:13:20 +0200
=?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= wrote:
> Ian FREISLICH <ianf_at_clue.co.za> writes:
> > No, it's a March 6 current.  How safe is it to just update the
> > sys/dev/em directory and recompile?  Quite a lot has changed in
> > CURRENT since then and I don't want to update everything on these
> > servers just yet.
> 
> Quick workaround: configure inetd to listen to port 623 so rpcbind
> won't assign these ports to the NFS server.  Something like this:
> 
> asf-rmcp dgram  udp     nowait  root    /bin/false              false
> asf-rmcp stream tcp     nowait  root    /bin/false              false

This won't help me.

These hosts are routers for several large datacenters.  They're
blackholing all traffic with a destination port of 623 and probably
664 in hardware.  I wouldn't mind so much if it just did it for
it's own IP.

Ian

--
Ian Freislich
Received on Tue May 22 2007 - 07:14:11 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:10 UTC