12.3 Unix RPC Services Countermeasures

  • Don't run rexd, rusersd, or rwalld RPC services, because they are of minimal use and provide attackers with both useful information and direct access to your hosts.

  • In high-security environments, don't offer any RPC services to the public Internet. Due to the complexity of these services, it is highly likely that zero-day exploit scripts will be available to attackers before patch information is released.

  • To minimize the risk of internal or trusted attacks against necessary RPC services (such as NFS components, including statd, lockd, and mountd), install the latest vendor security patches.

  • Aggressively filter egress traffic, where possible, to ensure that even if an attack against an RPC service is successful, the compromised host can't open a connect-back shell to the attacker.
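
One way to check a host you administer against the first and third items above, as an added example that is not from the original text: the function reads `rpcinfo -p` output and marks rexd, rusersd, and rwalld for removal and the NFS helpers statd, lockd, and mountd for patch review. It matches on the standard ONC RPC program numbers rather than the service-name column; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `rpcinfo -p` output against the countermeasures list.

audit_rpcinfo() {
    # stdin: `rpcinfo -p` output. stdout: one "ACTION service proto/port" line
    # per registered endpoint that the list above says to disable or patch.
    awk '
    BEGIN {
        # Standard ONC RPC program numbers.
        act[100002] = "DISABLE rusersd"
        act[100008] = "DISABLE rwalld"
        act[100017] = "DISABLE rexd"
        act[100024] = "PATCH statd"
        act[100021] = "PATCH lockd"
        act[100005] = "PATCH mountd"
    }
    $1 !~ /^[0-9]+$/ { next }      # skip the header line
    !($1 in act)     { next }      # portmapper and others: not on the list
    {
        key = $1 "/" $3 "/" $4     # program/proto/port
        if (seen[key]++) next      # several versions on one port: report once
        print act[$1], $3 "/" $4
    }'
}

sample_rpcinfo() {
    # Constructed sample listing, not captured from a real host.
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100002    2   udp  32772  rusersd
    100002    3   udp  32772  rusersd
    100008    1   udp  32773  walld
    100017    1   tcp  32774  rexd
    100024    1   udp  32775  status
    100021    1   udp   4045  nlockmgr
    100005    1   udp  32776  mountd
    100005    2   udp  32776  mountd
EOF
}

# Stand-alone run on the sample; on a live host: rpcinfo -p | audit_rpcinfo
sample_rpcinfo | audit_rpcinfo
```

A DISABLE line means the service should be removed from the host's startup configuration; a PATCH line means the service is one the section treats as necessary, so its vendor patch level is what needs checking.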