To quote Glenn Becker [EMAIL PROTECTED],
#
# All,
#
# I have been trying to secure my Debian box, which enjoys a DSL
# connection. I've been going through /etc/inetd.conf, commenting out
# services, and K'ing others in the /etc/rc2.d/, until what I have left is
# the following (output from
: Monday, February 12, 2001 11:33 PM
Subject: iptables rules and open ports
I have stand alone workstation without any network, so I am trying to
keep all ports close. I run kernel 2.4 with iptables. Recent scanning
(by www.dslreports.com) shows that ports 13,22,37 and 9 are open. Any
not using them, stop the
services or uninstall the packages that are launching them.
- Original Message -
From: Vadim Kutsyy [EMAIL PROTECTED]
To: Debian User debian-user@lists.debian.org
Sent: Monday, February 12, 2001 11:33 PM
Subject: iptables rules and open ports
I have stand
Vadim Kutsyy wrote:
Jason, good idea. I took care about ssh (removed all [K,S]20ssh).
However, I have no clue what to do with other ports.
port 13: daytime
port 37: time
port 9: discard
Any ideas?
Thanks.
Those are started by inetd. Comment them in /etc/inetd.conf then, as root
port 13: daytime
port 37: time
port 9: discard
Any ideas?
Thanks.
Those are started by inetd. Comment them in /etc/inetd.conf then, as root
/etc/init.d/inetd restart
Thanks, and last question:
How to make my computer not pingable?
Thanks.
How to make my computer not pingable?
As root,
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
I don't know what other problems this may lead to, if any, though...
Regards
Hall
Check out the packet filtering howto:
http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html
Section 7 covers fun stuff like avoiding ping-o-death syn-flooding.
Wil
--- Hall Stevenson [EMAIL PROTECTED] wrote:
How to make my computer not pingable?
As root,
echo
Wil Reichert wrote:
http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html
Section 7 covers fun stuff like avoiding ping-o-death syn-flooding.
I've seen it (I used Section 5 to create my rules). However, my
computer is stand alone workstation without any servers, but
I have stand alone workstation without any network, so I am trying to
keep all ports close. I run kernel 2.4 with iptables. Recent scanning
(by www.dslreports.com) shows that ports 13,22,37 and 9 are open. Any
recommendation on how to close them?
Thanks.
My iptables rules:
, 2001 11:33 PM
Subject: iptables rules and open ports
I have stand alone workstation without any network, so I am trying to
keep all ports close. I run kernel 2.4 with iptables. Recent scanning
(by www.dslreports.com) shows that ports 13,22,37 and 9 are open. Any
recommendation on how to close
against my
machine, and I've come down to just a few open ports left that I have at
least mild concern about. They are:
9 discard
13 daytime
37 time
111 sunrpc
Now, I know that 9 will just throw away anything it gets, and that 13 and
37 just return the time (in one
On Fri, Jan 26, 2001 at 08:28:51AM -0600, Brooks R. Robinson wrote:
But what about 111? Something in my gut says that
remote procedure call can't be all that good.
NIS and NFS need sunrpc (aka portmapper) running on the server, but you
should be able to shut it off if you're not using either
On Fri, Jan 26, 2001 at 08:28:51AM -0600, Brooks R. Robinson wrote:
machine, and I've come down to just a few open ports left that I have at
least mild concern about. They are:
9 discard
13 daytime
37 time
111 sunrpc
Now, I know that 9 will just throw away anything
Port 111 is the portmap daemon, used by NFS and NIS (anything else?).
It doesn't look like you're using NFS or NIS (if so you'd have other
ports open) so you can probably shut it off. If you do want to keep it
on, it might be worth it to use something like ipchains or iptables to
filter
I am not using NFS or NIS, and I have started to hunt down how/where to turn
off portmap.
Hmmm...
I check out things in /etc/init.d. Ahh... mountnfs.sh!
But wait! I read through the script. It shouldn't be on! There's
nothing to turn it on.
You know, I should really look at the
i just did an nmap to a machine i'm servicing and i have 2 open ports
that i cannot account for. they are:
Port  State  Protocol  Service
781   open   tcp       hp-collector
779   open   udp       unknown
looking at /etc/services 779/udp
On Sun, Dec 03, 2000 at 04:31:18AM -0500, [EMAIL PROTECTED] wrote:
i just did an nmap to a machine i'm servicing and i have 2 open ports
that i cannot account for. they are:
Port  State  Protocol  Service
781   open   tcp       hp-collector
779   open
Hi all,
I made a 'netstat -a --inet', and it returns me 3 ports I don't
know opened:
tcp  0  0  *:sunrpc  *.*  LISTEN
udp  0  0  *:sunrpc  *.*
raw  0  0  *:1       *.*
raw  0  0  *:6       *.*
Is it normal?
Am
On Sun, Nov 21, 1999 at 10:58:16AM +0100, Jean-Yves BARBIER wrote:
I was also returned an 'imap2' opened port??? I did not install
such a package (in fact it was purged long ago). Why is it still
present?
Sorry, forget about this one, it was still opened by inetd.
JY
--
Jean-Yves F. Barbier