On Sat 29 Aug 2015 at 22:56:50 +0200, to...@tuxteam.de wrote: > On Sat, Aug 29, 2015 at 01:25:28PM -0500, rlhar...@oplink.net wrote: > > > > # netstat -lntup > > Active Internet connections (only servers) > > Prot Rec Snd Local Address Foreign State PID/Program name > > -Q -Q Address > > Quite a mouthful. Other answers very insightful, especially the proposals > of blocking the relevant ports via firewall (I'd try the opposite approach > though: block every connection from outside except those you explicitly > want) > > > tcp 0 0 0.0.0.0:9999 0.0.0.0:* LIS 561/inetd > > As others noted: what's inetd doing on 9999? Do have a look at > its config files (somewhere in /etc/inetd.conf). > > > tcp 0 0 0.0.0.0:111 0.0.0.0:* LIS 530/rpcbind > > tcp 0 0 0.0.0.0:46225 0.0.0.0:* LIS 540/rpc.statd > > RPC is typically needed for NFS. If you don't want to mount your > laptop's file systems from other machines, it's probably superfluous.
So get rid of it. > > tcp 0 0 0.0.0.0:22 0.0.0.0:* LIS 568/sshd > > Common wisdom is to keep that (but to secure it properly, by disabling > root logins and possibly passwrd logins). Perhaps you can ssh into > your laptop should the UI become unresponsive for some reason (e.g. > X botches the graphics card but you still have some running programs > you'd want to finalize in an orderly mode). Common wisdom or old-wives tales? He probably has no need for it. Purge. > > tcp 0 0 127.0.0.1:631 0.0.0.0:* LIS 1248/cupsd > > Are you using your laptop as a print server? If not, the cups-client > package might be enough. Its only listening on localhost. What's the problem? cups-client alone is insufficient to print to a printer attached to the machine. > > tcp 0 0 127.0.0.1:5432 0.0.0.0:* LIS 675/postgres > > tcp 0 0 127.0.0.1:25 0.0.0.0:* LIS 1063/exim4 > > Database server, mail server. What are they doing? For postgres, > you could configure it to just serve over an UNIX domain socket, > if the only applications around connect locally. Your call. > For exim4 (mail server)... depends on your mail setup. Both are only listening on localhost. Perfectly safe. > > tcp 0 0 127.0.0.1:2628 0.0.0.0:* LIS 599/0 > > Uh -- what is *this*? A process called "0"? Looks really strange > to me. > > > tcp6 0 0 :::111 :::* LIS 530/rpcbind > > tcp6 0 0 :::38930 :::* LIS 540/rpc.statd > > tcp6 0 0 :::22 :::* LIS 568/sshd > > tcp6 0 0 ::1:631 :::* LIS 1248/cupsd > > tcp6 0 0 ::1:5432 :::* LIS 675/postgres > > tcp6 0 0 ::1:25 :::* LIS 1063/exim4 > > Those are IPV6 variants of some of the above. > > > udp 0 0 0.0.0.0:36358 0.0.0.0:* 612/avahi-daemon:r > > Avahi: this is a service discovery service: your laptop is broadcasting > to the network "hey, here's a [printer, database, whatnot]. Wanna play > with me? > > That's one of the things I ban from my computer. Broadcating is one thing. Allowing access to a service is another. > > udp 0 0 0.0.0.0:631 0.0.0.0:* 647/cups-browsed > > Here cups is announcing its availability. Down with it :-) CUPS isn't doing anything. Have another go. :)