This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
===============================================================================
Robb Kambic                                Unidata Program Center
Software Engineer III                      Univ. Corp for Atmospheric Research
address@hidden                             WWW: http://www.unidata.ucar.edu/
===============================================================================

---------- Forwarded message ----------
Date: Tue, 15 May 2001 15:00:04 -0500
From: Brad Teale <address@hidden>
To: address@hidden
Subject: RE: Security issues and LDM

Since most ldm users are putting port 388 tcp/udp in the /etc/services file, the firewalling software can just allow traffic to/from that port. However, for those of us not using port 388, we need to use smarter firewall software that can determine what type of packet it is, and route it accordingly. The one disadvantage to this approach is that all rpc traffic is let through the firewall.

On the other hand, by specifying a port in the /etc/services file, there is no reason to use the rpc protocol. Either way, it can be done.

Brad Teale
Universal Weather & Aviation, Inc.
<mailto:address@hidden>
713-944-1440 ext. 3623

-----Original Message-----
From: Jeff Wolfe [mailto:address@hidden]
Sent: Tuesday, May 15, 2001 1:40 PM
To: address@hidden
Subject: Security issues and LDM

Hi folks,

I'm sure everyone is aware of the ever-increasing number of worms and other security compromises that are happening on the 'net these days.

The local security folks here want to put a blanket filter on our internet connection for inbound port 111. The idea is that by filtering port 111, they make it just a bit harder for the various miscreants to find vulnerable RPC services.

I'm trying to understand what effects that will have on our LDM servers. I vaguely remember running ldm for a while without having the /etc/rpc file edited properly, but that was a long time ago. I'm thinking we'll be able to connect to other servers, but nobody will be able to connect to us.

Longer term, has anyone considered what will happen with LDM as firewalls, proxy servers and other security measures become more prevalent? RPC isn't the most firewall-friendly protocol ever invented.

-JEff
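
The check that the reply above implies, as an added example that is not part of the original messages or of LDM: parse `/etc/services` text and report whether `ldm` is pinned to a fixed port that a firewall can allow on its own while inbound port 111 stays filtered. The function names, the `unidata-ldm` alias and the sample file content are constructed for illustration; the "needs port 111" result follows the reasoning in the thread and is an assumption, not a statement about LDM internals.

```python
import re

# Constructed sample of /etc/services content (not taken from a real host).
SAMPLE_SERVICES = """\
# service   port/proto   aliases
sunrpc      111/tcp      portmapper rpcbind
sunrpc      111/udp      portmapper rpcbind
ldm         388/tcp      unidata-ldm   # fixed port, as described in the thread
ldm         388/udp      unidata-ldm
"""


def parse_services(text):
    """Return {(name, proto): port} for every service name and alias."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        match = re.fullmatch(r"(\d+)/(\w+)", fields[1])
        if not match:
            continue                             # malformed port/proto field
        port, proto = int(match.group(1)), match.group(2).lower()
        for name in [fields[0]] + fields[2:]:    # canonical name, then aliases
            table.setdefault((name, proto), port)  # first entry wins
    return table


def ldm_firewall_plan(text, service="ldm"):
    """Summarise what a port-based firewall has to allow for the service.

    Assumption taken from the thread: with a fixed port in /etc/services the
    firewall can allow just that port; without one, clients must find the
    service through the portmapper on port 111.
    """
    table = parse_services(text)
    pinned = {proto: table[(service, proto)]
              for proto in ("tcp", "udp") if (service, proto) in table}
    return {
        "allow": sorted(f"{port}/{proto}" for proto, port in pinned.items()),
        "needs_portmapper_111": not pinned,
    }


if __name__ == "__main__":
    print(ldm_firewall_plan(SAMPLE_SERVICES))
```
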