Setup is as follows:
Internet - Router - Server
- workstation1
- workstation2
- etc.
Looking in my shorewall rules file, there are way more ports open on
this server than I would expect. If I have only http and smtp available
to the outside world, (and internally network-wise, ssh, pop3 and
imap), which, if any, of these ports need to be open for full
functionality of the server? I suspect none, with the possible
exception of 137 - 139,.. would this be right?
Assuming source is net or loc and dest is fw.
UDP:
137-\
138 netbios
139-/
445-Microsoft DS
1024:1100 - various
TCP:
443 - https
109 - pop2
137 - \
138 - netbios
139 - /
445 - MS DS
1024:1100 - various
Also, how would I go about blocking all -outgoing- traffic from the
server except for http, and internally to the network, pop3, imap, ssh
and whatever is necessary for the functionality of the server,.. i.e.
dns lookups? etc... The idea here is to "help" to block zombie
functions from getting out, in the event that the server is
compromised.
--
thanks,
stormi
------------------------ Yahoo! Groups Sponsor --------------------~-->
Fair play? Video games influencing politics. Click and talk back!
http://us.click.yahoo.com/T8sf5C/tzNLAA/TtwFAA/0XFolB/TM
--------------------------------------------------------------------~->
To unsubscribe from this list, please email [EMAIL PROTECTED] & you will be
removed.
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/LINUX_Newbies/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
