On Mon, 11 Sep 2000, you wrote:

<snip>
> the XFS port listed in the pmfirewall.conf file
<snip>

I am still trying to track down the actual UDP port it listens on, but as far as I can tell, netstat -nlp shows port 1029 open but doesn't list which process has it open. lsof doesn't show xfs using UDP, but both show the unix socket in use by xfs. The xfs man pages talk about TCP port assignment and I can't find the source for the -udpPort 0 workaround I am playing with. That all said :) when xfs is started with -udpPort 0, udp port 1029 stops listening. *shrug*

<snip>
> yesterday, and added to it all the ports for known trojans (linux, windows
> and otherwise), one by freakin' one of them, and now have a list of ipchains
> rules a mile and a half long!
<snip>

Nah, paranoid is having a listing that denies all traffic from the IANA reserved blocks, properly listed and/or bitmasked so no one can use the reserved addresses (and not just the RFC 1918 ones either :) to spoof packets at my firewalls :) as well as the known trojan port list, a black hole list for known bad addresses.... *grin*

And as a side note, yes, IPChains is designed to stop packets from getting at all the services that are running on a particular box. That was why I originally posted that everyone needs to be running some sort of firewall, i.e. IPChains.

As far as the policy settings for IPChains, they should reflect your general security policy. If your model is "That which is not explicitly denied is allowed", then the IPChains policy rules for your firewall should be -P ACCEPT. If you go with "That which is not explicitly permitted is denied", then use -P REJECT or -P DENY for your chain policies.

I did not mean to imply in my first post that the ports listening in the netstat output were listening THROUGH the firewall, but showed the need for a firewall to be put in place :)

M
--
Matthew Micene
Systems Development Manager
Express Search Inc.
www.ExpressSearch.com
____________________________
A host is a host from coast to coast, and no one will talk to a host too close
Unless the host that isn't close is busy, hung or dead
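The policy choice and the anti-spoofing list described in the message above, as an added example that is not part of the original post or the pmfirewall project. It is a plain sh script that maps a policy model ("permissive" for allow-by-default, "restrictive" for deny-by-default) onto the ipchains -P target and prepends DENY rules for reserved source blocks on the external interface. The interface name eth0 and the short BOGONS list are assumptions for illustration (the RFC 1918 ranges are real, but the list is not the full IANA reserved set). By default the script only prints the ipchains commands; set APPLY=1 to execute them on a 2.2-era kernel as root.

```sh
#!/bin/sh
# Added example: emit (or apply) an ipchains rule set that reflects a chosen
# security policy. Assumptions: external interface name passed as $2 (e.g. eth0),
# BOGONS is an illustrative, not exhaustive, list of reserved source blocks.

BOGONS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 0.0.0.0/8"

# run_rule: print the ipchains command; execute it only when APPLY=1.
run_rule() {
    echo "ipchains $*"
    if [ "${APPLY:-0}" = "1" ]; then
        ipchains "$@" || return 1
    fi
    return 0
}

# chain_policy MODEL: translate the policy model into an ipchains policy target.
#   permissive  -> "that which is not explicitly denied is allowed"   => ACCEPT
#   restrictive -> "that which is not explicitly permitted is denied" => DENY
chain_policy() {
    case "$1" in
        permissive)  echo ACCEPT ;;
        restrictive) echo DENY ;;
        *) echo "unknown policy model: $1" >&2; return 1 ;;
    esac
}

# build_rules MODEL EXTIF: flush the input chain, set its policy, then add
# anti-spoofing rules that drop and log packets claiming a reserved source
# address on the external interface. Under the restrictive model, each wanted
# service must then be explicitly permitted; only loopback is opened here.
build_rules() {
    model="$1"; ext="$2"
    target=$(chain_policy "$model") || return 1
    run_rule -F input || return 1
    run_rule -P input "$target" || return 1
    run_rule -A input -i lo -j ACCEPT || return 1
    for net in $BOGONS; do
        # -l logs the match, so spoof attempts show up in the kernel log
        run_rule -A input -i "$ext" -s "$net" -j DENY -l || return 1
    done
    if [ "$target" = "DENY" ]; then
        # ipchains is stateless: permit TCP replies (no SYN) to unprivileged ports
        run_rule -A input -i "$ext" -p tcp ! -y --dport 1024:65535 -j ACCEPT || return 1
    fi
    return 0
}

# Usage: sh this_script.sh restrictive eth0   (prints the rules)
#        APPLY=1 sh this_script.sh restrictive eth0   (applies them as root)
if [ "$#" -eq 2 ]; then
    build_rules "$1" "$2"
fi
```

A permissive policy leaves every listening service reachable unless a rule denies it, which is exactly the situation the netstat output in the earlier post illustrated; the restrictive policy inverts that, so an unexpected listener such as the xfs UDP port is unreachable from outside until someone deliberately opens it.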
