Yes, the best policy is always to disable anything on your machine that you're not using. Those you _are_ using, you then filter the crap out of.
Personally, my workstation-type machines only listen on port 6000 (X), 22 (ssh), and occasionally ftp and tftp if I need them for a specific purpose. For my server-type machines, subtract X, then add what services they are providing, which would then be heavily protected.

On Thu, 16 Mar 2000, Peter Cordes wrote:

> This isn't specific to identd, but I'm wondering why you would bother
> filtering the port instead of just not running identd? (I assume you would
> have/do turn off identd in /etc/inetd.conf as well as doing port
> filtering.) I've never really understood why people filter all kinds of
> ports on their own machine when the ports are closed anyway. The only
> advantage I can see is that if someone hits you with a trojan
> something-or-other, the bad guys won't be able to talk to it if it picks
> a blocked port. Is this the reason for doing it, or am I missing something?
>
> Filtering ports makes sense when you are protecting a bunch of machines,
> especially ones which you don't run directly, but for a machine filtering
> traffic for only itself, it seems like a waste.
>
> Thanks,
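The policy described in the reply (listen only on the ports you actually use, filter everything else, and keep the filter in place so an unexpected listener is unreachable even if something starts it) can be expressed as a default-deny host ruleset plus a listener audit. The script below is an added example written for this note, not code from either poster; it assumes the allowlist is just TCP 22 and 6000 as in the reply, uses nftables syntax rather than the ipchains/ipfwadm of the period, and audits a constructed sample in the shape of `ss -lnt` output rather than a real host's. The function and variable names (`gen_nft_ruleset`, `audit_listeners`, `ALLOWED_TCP`, `SAMPLE_SS`) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread): generate a default-deny
# nftables host ruleset for an explicit TCP allowlist, and audit a list of
# listening sockets against that same allowlist.

# Ports the reply says a workstation should be listening on (assumption).
ALLOWED_TCP="22 6000"

# Print an nftables ruleset: drop inbound by default, accept loopback,
# replies to our own connections, the allowlisted TCP ports, and basic
# ICMP/ICMPv6 so the host still answers pings and neighbour discovery.
# $1 = space-separated TCP port list. Output is meant for `nft -f -`.
gen_nft_ruleset() {
  ports=$(printf '%s' "$1" | tr ' ' ',')
  cat <<EOF
table inet host_filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif lo accept
    ct state established,related accept
    ct state invalid drop
    tcp dport { $ports } accept
    icmp type echo-request accept
    icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
  }
}
EOF
}

# Read `ss -lnt`-style lines on stdin; print every LISTEN socket whose port
# is not in the allowlist. Returns 1 if any such listener was found, else 0.
# $1 = space-separated TCP port list.
audit_listeners() {
  allowed="$1"
  found=0
  while read -r state recvq sendq local peer rest; do
    [ "$state" = "LISTEN" ] || continue   # skips the header line too
    port=${local##*:}                       # works for 0.0.0.0:22 and [::]:22
    case " $allowed " in
      *" $port "*) ;;
      *) echo "unexpected listener: $local"; found=1 ;;
    esac
  done
  return $found
}

# Constructed sample in the shape of `ss -lnt` output (not captured from a
# real host). Port 113 (identd) is deliberately present as the "unexpected"
# service the thread is discussing.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     127.0.0.1:6000      0.0.0.0:*
LISTEN  0       50      0.0.0.0:113         0.0.0.0:*'

# Usage when run directly as host_filter.sh: print the ruleset, then audit.
if [ "${0##*/}" = "host_filter.sh" ]; then
  gen_nft_ruleset "$ALLOWED_TCP"
  printf '%s\n' "$SAMPLE_SS" | audit_listeners "$ALLOWED_TCP"
fi
```

On a live host the audit would be fed with `ss -lnt | audit_listeners "$ALLOWED_TCP"`; a non-zero exit is the signal that something is listening which the filter was never meant to expose, which is exactly the case where the default-deny ruleset earns its keep.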