Ralph Shumaker wrote:
> James G. Sack (jim) wrote:
>> 96.998%Ralph Shumaker wrote:
>>
>
> No, it was 100% of me that wrote it!

<heh> That looks like some kind of artifact of your email client or display?

> ..
>
> Well, ignoring 127.0.0.1, this is what I get:
> # netstat -lnpt
> Active Internet connections (only servers)
> Proto Local Address Foreign Address State PID/Program name
> tcp 0.0.0.0:42944 0.0.0.0:* LISTEN 2156/rpc.statd
> tcp 0.0.0.0:111 0.0.0.0:* LISTEN 2135/rpcbind
>
> # netstat -lnpu
> Active Internet connections (only servers)
> Proto Local Address Foreign Address State PID/Program name
> udp 0.0.0.0:659 0.0.0.0:* 2156/rpc.statd
> udp 0.0.0.0:43032 0.0.0.0:* 2156/rpc.statd

rpc stuff is because you probably have nfs or nfslock and/or rpcbind running. Since you don't have other machines on your local net, you would have no reason to run nfs or probably anything that might use rpcbind. You can shut those services off and those open ports would go away.

> udp 0.0.0.0:68 0.0.0.0:* 18262/dhclient

I don't know (exactly) why dhclient listens, but it probably does no harm. The dhcp server in your DSL-gateway may send out messages that the dhclient needs to listen for, maybe.

> udp 0.0.0.0:614 0.0.0.0:* 2135/rpcbind
> udp 0.0.0.0:53351 0.0.0.0:* 2536/avahi-daemon:
> udp 0.0.0.0:5353 0.0.0.0:* 2536/avahi-daemon:

avahi is supposed to provide some automated network discovery capabilities (like zeroconf, etc). It is most likely harmless (and low cost) but most likely useless to you, so you could turn off the avahi-daemon if you wish.

> udp 0.0.0.0:111 0.0.0.0:* 2135/rpcbind
> udp 0.0.0.0:631 0.0.0.0:* 2563/cupsd

If you have a network-connected printer, then cupsd is most likely essential, but if you have a direct-connect (eg, parallel, usb), then I'm not sure whether it is still needed or not -- I suspect it might be, though. Let us know what you find out. ;-)

I would definitely not want any firewall forwarding enabled on port 631!

> udp W.X.Y.Z:123 0.0.0.0:* 15355/ntpd
> udp 0.0.0.0:123 0.0.0.0:* 15355/ntpd
> udp W::X:Y:Z:123 :::* 15355/ntpd
> udp ::1:123 :::* 15355/ntpd
> udp :::123 :::* 15355/ntpd

Docs say that "ntpd requires full bidirectional access to the privileged UDP port 123"
http://support.ntp.org/bin/view/Support/TroubleshootingNTP
but I don't quite see how it would work through a firewall?!? Perhaps someone will explain that. Nevertheless, I'm inclined to leave it alone and trust it.

>
> Columns "Recv-Q" and "Send-Q" for each of the above items are 0.
> (Whatever those are.)
>
> One item is showing W.X.Y.Z as my IPv4 address, and another, W::X:Y:Z as
> my IPv6 address. Since this info is going to a public list, I figured it
> would be better to obscure them. If they are needed for some reason,
> please let me know.

If the W.X.Y.Z are private IP addresses (eg, 192.168.1.xxx) handed out by your household dhcp server (in your DSL modem), then there's no damage by publishing those addresses. Those addresses can't identify you -- in fact there are probably thousands (or more) who have the same private IP address as you. Mine is 192.168.9.51 (because I customized my gateway). The ranges 192.168.0.xxx and 192.168.1.xxx are very common private addresses used in residential gateways.

You often see 192.168.122.xxx IPs which are self-assigned by that zeroconf stuff -- related to what is done by that avahi-daemon. I believe you have to explicitly unconfigure something to get rid of that, so I just try to ignore it.

>
> I understand why ntpd would be there, tho I don't understand why it is
> there so frequently. Five lines?

I believe the first line is redundant because the second (0.0.0.0) one includes it by meaning "any ipv4". The ipv6 lines seem to specify different things. But this is probably one of those "don't ask why" situations. :-)

>
> Why would cupsd be there? I don't think it needs interweb access.

Not web for sure, but it could need access to your LAN, and the daemon just might need to be running even if LAN access is not needed.

> ..
>> that your ISP is probably dslextreme, so I presume you have a DSL modem
>> -- it probably has a built-in firewall, but you might log in to its
>> administrative interface and make sure you don't have any unexpected
>> port forwarding allowed.
>>
>
> dslextreme, yes. I don't remember if it has firewall built-in. It says
> DSL-2320B on the front of it. dlink.com says its firewalling is:
> • MAC Filtering
> • Packet Filtering
> • Stateful Packet Inspection (SPI)
> • User Authentication PAP
> • User Authentication CHAP

Per the manual for that modem: Presuming the IP range hasn't been reconfigured, you probably have an address 192.168.1.101 (or something like that) and the gateway itself has IP 192.168.1.1. If you direct your browser to http://192.168.1.1/ and give the default user/password of admin/admin (presuming nobody ever changed the factory defaults), then you should get into the management interface, where you can poke around a bit.

>
> My PC is the only one connected to it, and I have no wireless AP.
>
> *I* didn't set up any port-forwarding in the DSL box. At least I don't
> think I did. I don't think I would have unless I knew that I needed it,
> which leads me to believe that I did _not_ do so.
>
> I don't remember at the moment where I put my DSL modem booklet. So I
> don't know how to log in and check for unexpected port forwarding.

(see preceding)

> ..
> That sounds like a sideways endorsement of:
> rafael ALL=(ALL) ALL

I believe that's a common recipe.

> ..If I'm going to
>>> learn that, I would prefer it be in an environment like an installfest.
>>>
>>
>> That's a great idea!
>>
>
> Thanks. It seems practical. But I don't look forward to lugging my PC
> and monitor (and peripherals), disconnecting and reconnecting cables. Oh
> well, it wouldn't be the first time.

Well, at least at the NCAS installfest (but not this month --- they're on summer vacation), you could leave kbd, mouse, monitor home.

Regards,
..jim

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
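The review jim does by eye above (which program owns each listening socket, and whether it is bound to every interface or only to loopback) can be done mechanically. The following Python script is an added example and is not code from this thread or from the kplug list; it parses the text that `netstat -lnp` prints (the real tool, with its Recv-Q/Send-Q columns that Ralph trimmed) and groups listeners by program and bind scope. The sample listing is constructed for the example, modelled on Ralph's output with his W.X.Y.Z placeholder kept and one loopback-only dnsmasq line added for contrast; the scope labels "loopback", "all" and "iface" are this example's own naming.

```python
"""Group `netstat -lnp` listeners by program and by bind scope.

Added example for the kplug thread on unexpected listening ports; not
code from the thread.  SAMPLE_NETSTAT is a constructed listing modelled
on the netstat output quoted in the thread (W.X.Y.Z placeholder kept,
a loopback-only dnsmasq line added so the loopback case is exercised).
"""
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:42944           0.0.0.0:*               LISTEN      2156/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2135/rpcbind
udp        0      0 0.0.0.0:659             0.0.0.0:*                           2156/rpc.statd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           18262/dhclient
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2536/avahi-daemon:
udp        0      0 0.0.0.0:631             0.0.0.0:*                           2563/cupsd
udp        0      0 127.0.0.1:53            0.0.0.0:*                           999/dnsmasq
udp        0      0 W.X.Y.Z:123             0.0.0.0:*                           15355/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           15355/ntpd
udp        0      0 :::123                  :::*                                15355/ntpd
udp        0      0 ::1:123                 :::*                                15355/ntpd
"""

PROTOS = {"tcp", "tcp6", "udp", "udp6"}


@dataclass(frozen=True)
class Listener:
    proto: str
    host: str
    port: int
    pid: str
    program: str

    @property
    def scope(self) -> str:
        """'loopback': only local processes can reach it.
        'all': bound to 0.0.0.0 or ::, reachable on every interface.
        'iface': bound to one specific address (still reachable from the LAN)."""
        if self.host in ("127.0.0.1", "::1") or self.host.startswith("127."):
            return "loopback"
        if self.host in ("0.0.0.0", "::"):
            return "all"
        return "iface"


def parse_listeners(text: str) -> list:
    """Parse netstat -lnp text; header and blank lines are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in PROTOS:
            continue
        # Local address is 'host:port'; split on the LAST colon so IPv6
        # forms such as ':::123' and '::1:123' come apart correctly.
        host, port = fields[3].rsplit(":", 1)
        # The last column is 'PID/Program'; netstat truncates long names
        # and may leave a trailing ':' (e.g. 'avahi-daemon:').
        pid, _, program = fields[-1].partition("/")
        listeners.append(Listener(fields[0], host, int(port), pid, program.rstrip(":") or "-"))
    return listeners


def group_by_program(listeners: list) -> dict:
    """Map program name -> sorted list of (proto, host, port)."""
    groups = defaultdict(list)
    for lsn in listeners:
        groups[lsn.program].append((lsn.proto, lsn.host, lsn.port))
    return {prog: sorted(socks) for prog, socks in groups.items()}


def exposed_listeners(listeners: list) -> list:
    """Everything not bound to loopback, i.e. what a LAN host (or the
    internet, if the gateway forwards the port) could reach."""
    return [lsn for lsn in listeners if lsn.scope != "loopback"]


def report(text: str) -> str:
    """Human-readable summary, one line per program."""
    listeners = parse_listeners(text)
    lines = []
    for prog, socks in sorted(group_by_program(listeners).items()):
        scopes = {lsn.scope for lsn in listeners if lsn.program == prog}
        ports = ", ".join(f"{p}/{h}:{n}" for p, h, n in socks)
        lines.append(f"{prog:14s} [{'/'.join(sorted(scopes))}] {ports}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_NETSTAT))
    print(f"\n{len(exposed_listeners(parse_listeners(SAMPLE_NETSTAT)))} sockets reachable from off-host")
```

Pipe real output in with `netstat -lnp | python3 thisscript.py` after replacing the sample with `sys.stdin.read()`; anything reported with scope "all" or "iface" is a service worth the same question jim asks for each line above (do you need it, and if so, from where?), while "loopback" entries are not reachable from the LAN regardless of what the DSL gateway forwards.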
