On Sun, 30 Aug 2015 09:47:56 +0200 <to...@tuxteam.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sat, Aug 29, 2015 at 11:28:10PM +0100, Brian wrote:
> > > > It's only listening on localhost. What's the problem?
>
> You're right, I missed that.

Which is why I suggested nmap. When you've made absolutely sure you've read the netstat listing properly, you then need to look at the application configuration and the tcpwrappers files to see what other restrictions may be applied to connections, and then check the iptables rules to see what's there. It's simpler just to poke it with nmap from a potentially hostile machine, and see if it growls.

If you're seriously securing a machine, then yes, you do all those things, and you use the tools to provide at least two methods of protection (if you get one wrong, or there's a bug, it's not a disaster). And it's still worth a portscan then to see if you've made any serious errors, preferably with each of your single methods in turn turned off.

If you're just looking to see if your machine can survive a short dip in what is not explicitly known to be a hostile environment, particularly in one which would not expect to see a Linux machine, then I'd say an nmap scan is enough.

-- 
Joe
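The two-sided check Joe describes (read the local listener table carefully, then probe from another host and compare), written out as an added example. This is editor-supplied code, not anything posted in the thread. The listener lines, the target address 192.0.2.10 and the "ports nmap reported open" list are constructed for the demo; the awk column handling assumes the layout of `ss -Hltn` or `netstat -ltn`, where column 4 is the local address:port.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. It implements the check Joe
# describes: (1) read the local listener table carefully and sort each socket
# into "bound to loopback" vs "bound to an outside-reachable address", then
# (2) build the nmap command to run FROM ANOTHER HOST and (3) compare what the
# scan reports with what the local table promised.
#
# SAMPLE_SS is constructed to resemble `ss -Hltn` output (column 4 is the local
# address:port, the same column as in `netstat -ltn`); feed real output with
#   ss -Hltn | classify_listeners

SAMPLE_SS='LISTEN 0 128   127.0.0.1:631   0.0.0.0:*
LISTEN 0 128     0.0.0.0:22     0.0.0.0:*
LISTEN 0 128       [::1]:25        [::]:*
LISTEN 0 128           *:80           *:*
LISTEN 0 128        [::]:22        [::]:*'

# Read listener lines on stdin; print "local PORT" for loopback-only sockets and
# "EXPOSED PORT (bound to ADDR)" for anything a remote host could reach.
classify_listeners() {
    awk '{
        la = $4
        n = split(la, parts, ":")
        port = parts[n]
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1" || addr == "localhost")
            printf "local   %s\n", port
        else
            printf "EXPOSED %s (bound to %s)\n", port, addr
    }'
}

# Comma-separated, de-duplicated list of the EXPOSED ports (for nmap -p).
exposed_ports() {
    classify_listeners | awk '
        $1 == "EXPOSED" && !seen[$2]++ { out = out (out == "" ? "" : ",") $2 }
        END { print out }'
}

# The probe to run from the potentially hostile machine. $1 = the target as that
# machine sees it, $2 = ports to check (defaults to the full range, since the
# point is to catch what you missed, not just confirm what you expect).
nmap_command() {
    echo "nmap -sS -Pn -p ${2:-1-65535} $1"
}

# Ports in $2 (what nmap reported open, comma-separated) that are not in $1
# (what the local table said was exposed). Anything printed here means the
# listing was misread or something else is answering on that port.
unexpected_open() {
    echo "$2" | tr ',' '\n' | while read -r p; do
        [ -n "$p" ] || continue
        case ",$1," in
            *",$p,"*) ;;
            *) echo "$p" ;;
        esac
    done
}

# Demo on the constructed sample; 192.0.2.10 is a placeholder target address.
printf '%s\n' "$SAMPLE_SS" | classify_listeners
echo "From the other host, run: $(nmap_command 192.0.2.10)"
echo "Open outside but not in the local table: $(unexpected_open "$(printf '%s\n' "$SAMPLE_SS" | exposed_ports)" 22,80,8080 | tr '\n' ' ')"
```

One caveat when reading the scan against the local table: a tcpwrappers restriction is applied by the daemon after the TCP handshake, so a SYN scan still reports such a port as open; an iptables DROP rule shows up as filtered instead. To see the tcpwrappers layer from outside you need a full connection (a connect scan, or simply trying the service), which is also the cleanest way to do Joe's "each method in turn turned off" check.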