Re: [fw-wiz] Port 37628....Is it just another port or out of the extra ordinary???

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 07/22/04

    To: InHisGrip <servie_platon@yahoo.com>
    Date: Thu, 22 Jul 2004 06:48:16 -0400 (EDT)
    
    

    On Wed, 21 Jul 2004, InHisGrip wrote:

    > Incidentally, you mentioned about nfslock, since I
    > don't use nfs or network file system in my small home
    > network would it be advisable for me to comment this
    > out from xinetd, disable this service or just leave it
    > as it is?

    Kill everything you don't use, including xinetd. RH-based variants use
    chkconfig so that the system doesn't turn it back on after an upgrade.

    > Same goes with port 111, sunrpc port and port 773,
    > notify service, shall I leave these alone too?

    Kill -9 'em all and let init sort them out...

    Nuke away.

    > The only services I have enabled are web service and
    > mail service plus kernel compile and development
    > options. I hope what I have selected has nothing to do
    > with the ports that are under question here?

    netstat will tell you what's listening, though I prefer using lsof, which
    is something I put on almost every *nix system I install.

    > should have been, based on the listening port above,
    > would my other PC's get compromised or be subjected to
    > attack?

    "It depends."

    > Well, I just thought of putting the web server in a
    > DMZ host and port to protect my other PC's. Since this
    > is a bastion host which will be accessible for
    > everyone, the only safeguard I was thinking of is tcp
    > wrappers, along side with the firewall rules of the
    > linux box, plus limited permissions on certain
    > directories.

    Keep it in the DMZ, that's where it belongs...

    > What would you suggest? I am just an intermediate
    > linux user and would love some feedback from you or
    > anyone else who are advanced users to linux gurus.

    Keep Apache and SSL (if enabled) up to date, along with libc and the
    resolver. Build your own Apache, and disable all the extra stuff you
    don't use, especially PHP if you're not actively using it. If you are
    actively using it, then you're probably going to be vulnerable at some
    point...

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
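
As an added example (not part of the original message), the netstat check mentioned above can be turned into a quick audit that flags every listener outside the services the poster says he runs. The allowlist ports 25, 80 and 443, the function names and the sample netstat output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets that are not on an allowlist.
# Input: `netstat -lntup`-style text on stdin. Arguments: allowed port numbers.
# Live use (as root, so the PID/Program column is filled in):
#   netstat -lntup | unexpected_listeners 25 80 443

unexpected_listeners() {
    awk -v allow="$*" '
        BEGIN { n = split(allow, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        { prog = ""; keep = 0 }
        # TCP: only sockets in LISTEN state; program name is column 7.
        $1 ~ /^tcp/ && $6 == "LISTEN" { prog = $7; keep = 1 }
        # UDP: the state column is blank, so the program name is column 6.
        $1 ~ /^udp/                   { prog = $6; keep = 1 }
        keep {
            # Port is the text after the last colon (also works for ":::80").
            m = split($4, a, ":"); port = a[m]
            if (!(port in ok)) print $1, port, (prog == "" ? "-" : prog)
        }
    '
}

# Constructed sample, shaped like net-tools netstat output.
# "-" means netstat could not name the owning process.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:25        0.0.0.0:*           LISTEN      812/sendmail
tcp        0      0 0.0.0.0:80        0.0.0.0:*           LISTEN      901/httpd
tcp        0      0 0.0.0.0:111       0.0.0.0:*           LISTEN      455/portmap
tcp        0      0 0.0.0.0:773       0.0.0.0:*           LISTEN      -
tcp        0      0 0.0.0.0:37628     0.0.0.0:*           LISTEN      -
tcp        0      0 192.0.2.10:40112  198.51.100.7:25     ESTABLISHED 812/sendmail
udp        0      0 0.0.0.0:111       0.0.0.0:*                       455/portmap
EOF
}

# Each line printed is a service to identify and then disable or justify.
sample_netstat | unexpected_listeners 25 80 443
```

A listener reported with "-" as its program is the case to chase with lsof or by rerunning netstat as root before deciding what to turn off.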

