Package: harden-doc Version: 3.10 Severity: wishlist Hi!
Section 12.1.14.5 _I have services using port 1 and 6, what are they and how can I remove them?_ talks about processes listening on raw sockets. It's not really clear to me. Firstoff, is having such processes listening on raw sockets dangerous? Of course, Trojans are no good and should be removed, but what about IDSes? Is there any danger in having IDSes listening to such raw sockets, per se? On a system of mine (which performs NAT for a LAN behind it), I use dnsmasq to provide a caching name server and a DHCP server for the LAN. On this system: # netstat -anp | grep raw raw 0 0 0.0.0.0:1 0.0.0.0:* 7 1106/dnsmasq Should I be worried about that? Is this a security weakness of dnsmasq? I think that Section 12.1.14.5 should be more informative... Thanks for considering. [1] which is in http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s12.1 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]