On Sun, Jul 22, 2012 at 7:32 PM, Brian <a...@cityscape.co.uk> wrote: > On Sun 22 Jul 2012 at 18:08:25 +0800, lina wrote: > >> On Sun, Jul 22, 2012 at 5:31 PM, Stan Hoeppner <s...@hardwarefreak.com> >> wrote: >> > On 7/22/2012 3:37 AM, lina wrote: >> > >> >> P.S I also found >> >> >> >> tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN >> >> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN >> >> tcp 0 0 0.0.0.0:538 0.0.0.0:* LISTEN >> > >> > Instead of doing this piecemeal, post the output of: >> > >> > ~$ netstat -ant|grep LISTEN >> > >> > and we'll go through the list together, trimming the fat. >> >> # netstat -ant|grep LISTEN >> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN >> tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN >> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:538 0.0.0.0:* LISTEN >> tcp6 0 0 :::143 :::* LISTEN >> tcp6 0 0 :::80 :::* LISTEN >> tcp6 0 0 :::22 :::* LISTEN >> tcp6 0 0 ::1:631 :::* LISTEN >> >> Thanks, I only know 22, 25, 631 80 for ssh, email, cups and http, >> respectively, > > CUPS and the mailserver only listen for connections from localhost. This > is as safe as it gets without removing the two services. > > The ssh and webserver daemons are available on the network. Presumably > this is what you want. Their security will depend on how you have > configured them. Debian sshd can be run safely with the default install. > > For port 538 try > > lsof -i :538 > > It's probably gdomap, which is part of GNUstep. By default it will not > probe for other servers (see /etc/default/gdomap), so that looks ok. > Only you know whether you need GNUstep. > > Port 143 is likely to be imap. It too can be accessed from the network. > Is that your intention? my email is not function perfectly yet. I don't have much idea about it. Shall I close it? > > Heaven above knows why you need a firewall. These services are quite > capable of getting on with life without iptables being involved. So are > you. Just today one website I cared about failed to open, certainly it's under attack. I don't know what other people are capable of, I feel they are capable of doing lots of things. Frankly speaking I don't have much energy/channel to arm myself some intense knowledge to meet some potential defense requirement (sometimes I read something, but mainly to forget later.). so the only way I can do now is to understand something very basic.gradually and patiently, perhaps 10 years later, and I don't have some strong security feelings, if something wrong with the laptop, I guess I will unavoidably freak out and at that time definitely some days will waste.
Thanks with best regards, P.S, In the past, if some books/webpage/blogs or anything which inspired you lots in this area, appreciate to share. I don't have CS background. > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/20120722113234.GC7631@desktop > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAG9cJm=qYOvDSVb+1hBqhANWi-6tNart=fspe6ffehmwr3z...@mail.gmail.com