On Thu, 2004-05-20 at 18:28, Kaj Haulrich wrote:

Kaj,

Excellent to hear from you again.

> On Thursday 20 May 2004 22:31, Aron Smith wrote:
> 
> <snip>
> > Not using NFS, pure linux system, ReiserFS on some partitions.
> > How can I shut portmap off?
> </snip>
> 
> You can stop portmap (or any service) by typing (as root):
> 
> service portmap stop
> 
> or don't start it at all. Go to System --> Configuration --> 
> Configure Your Computer --> System --> Services.

Alternatively you can use the excellent command line utility "chkconfig"
from the command line.  Like this to list all services:

chkconfig --list | sort

(which sorts the list alphabetically for your convenience)

Or like this to unilaterally shut portmap down across all runlevels:

chkconfig --level 2345 portmap off

All from a root console, btw.

> 
> And, to return to your original question about the output from 
> dmesg : I have lots of those too. When doing a "whois" on most of 
> those IP addresses, I see totally unknown hosts from all around the 
> globe with no clue whatsoever about who they are and why they pop 
> up on my humble PC. So, I figure that what we see are all those 
> script-kiddies, worms, viruses and trojans looking for Windows.
> 
> Fortunately, it seems that Shorewall stops them all although it 
> doesn't really matter anyway, what with us running linux.
> 
> And to Lyvim : Until now, I had xinetd running. What is the downside 
> of stopping it ?
> 
> Kaj Haulrich.

OK.  The sole purpose of xinetd is to dynamically start and stop
services that you would not want running on a continual basis.  Such as
ftp, or sshd, or any of the other server type services listed by
chkconfig.  It is supposed to bring the service up on demand and shut it
down when not being used.

On a linux workstation, like mine or yours or most people here, xinetd
is useless because we aren't using the box as a server and we are trying
to keep people out rather than letting them in.  Most peeps have cheap
486 or pentium 1 hardware set aside for ftp purposes, and even then a lot
of peeps just run ftp or sshd or whatever continuously, instead of using
xinetd to start the service up on demand.  Xinetd had a good idea, which
was to save resources by keeping processes down when not being used, and
calling them up when their port (ftp 21 or sshd 22 for example) is
tapped or knocked on from the outside.

Where xinetd comes in weak is that it is basically a single access point
from which you can start up any internal service inside YOUR machine
from the outside, that has not been specifically denied by the config
files in /etc.  In other words, hackers can tap or knock on ports to see
if a service will start up, and then they start checking that service
for version vulnerabilities.  In other words, xinetd is serving no other
purpose than to allow outside people to start up services on YOUR box.
From the outside.

But it doesn't stop there.  At one time, xinetd was *itself* vulnerable
to DoS attacks.  They have worked on that problem and have corrected it
to some degree, but usually security problems are not endemic to the
code, but to the architecture that the code is written toward.
Witness:  Sendmail.  Postfix.  Exim.  Check it out in the Bugtraq
archives.  All victims of a self-flagellating trend towards single root
run executables when a simple change in architecture (such as the
architecture exhibited by qmail) would be a step in the right
direction.  A root run single executable service such as those above is
nearly always vulnerable to buffer overflow attacks, at some time or
another.

But I digress.  The thing to remember is that if you are on a
workstation, you shouldn't need to run xinetd for the reasons listed.
And if you *do* need to dynamically activate services, don't use xinetd
to do that, use Dan Bernstein's tcpserver program, available on Vincent
Danen's site, rpmhelp.net.  No vulns that I'm aware of have ever been
detected either in vanilla qmail or tcpserver.

HTH??

LX
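The chkconfig review-and-disable steps from the message above, as an added shell example that is not part of the original thread. The `chkconfig --list` output is a constructed sample, and `enabled_services` and `disable_commands` are hypothetical helper names; the script only prints the chkconfig commands so they can be checked before being run as root.

```shell
#!/bin/sh
# Constructed sample of `chkconfig --list` output (not captured from a real box).
SAMPLE_CHKCONFIG='portmap         0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
cups            0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd based services:
        rsync:  on
        telnet: off
        sgi_fam:        on'

# Reads chkconfig --list output on stdin and prints one line per service that
# is on in any of runlevels 2-5 ("sysv NAME LEVELS") or on under xinetd
# ("xinetd NAME"). Everything not printed is already off and needs no action.
enabled_services() {
    awk '
        /^xinetd based services:/ { in_xinetd = 1; next }
        in_xinetd && NF == 2 {
            name = $1; sub(/:$/, "", name)
            if ($2 == "on") print "xinetd " name
            next
        }
        !in_xinetd && NF >= 7 {
            on = ""
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] + 0 >= 2 && kv[1] + 0 <= 5 && kv[2] == "on") on = on kv[1]
            }
            if (on != "") print "sysv " $1 " " on
        }
    '
}

# Turns that report into chkconfig commands, skipping any service names given
# as arguments (the ones you actually want to keep, e.g. sshd).
disable_commands() {
    keep=" $* "
    while read -r kind name levels; do
        case "$keep" in *" $name "*) continue ;; esac
        if [ "$kind" = sysv ]; then
            echo "chkconfig --level $levels $name off"   # same form as above
        else
            echo "chkconfig $name off"                   # xinetd-managed entry
        fi
    done
}

printf '%s\n' "$SAMPLE_CHKCONFIG" | enabled_services | disable_commands sshd
```

On a real box replace the sample with `chkconfig --list | enabled_services | disable_commands sshd` and run the printed lines from a root console once you are happy with them.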
