On Mon, 10 Apr 2000, André Bell wrote:

> Is it ok to leave the following ports open?

It all depends on your definition of 'okay'. Your policy for having active network services should be 'do I really really need this to be open to anyone? Can I get away with it being open to only a few?'

So, starting from that premise:

> - 119 nntp

News server port. You actually serve news to people from this box? If not, configure your news clients to use another news server.

> - 1080 socks

I guess you do masquerading... Only allow clients you want to masquerade for to connect.

> - 1524 ingreslock
> - 2000 callbook
> - 2005 deslogin

Icky icky. Database lock servers? Address book stuff? Definitely want to look at why these things are there...

> - 3128 squid-http

Squid.. web proxy... Only open to your clients. If it's only used on the local machine, firewall it off.

> - 5742 trojan
> - 6000 X11

X. Definitely to be firewalled off. If you need remote X access, use ssh with X11 forwarding.

> - 6667 irc

If you must.. run a server, make sure it's chrooted and running as non-root.

> - 20034 trojan
> - 40421 trojan

I guess all the trojan ports are just local applications that happen to be listening on various ports.

> I scanned my ports using www.securityspace.com and it gave the above
> report. No idea why it calls certain ports trojans but I will look into it
> further. Also, it looks like something may be using ports 20034 and
> 40421, if that is also what www.securityspace.com is reporting. No idea what
> the above ports might be legitimately used for so I will reinstall
> pmfirewall again and tell it to block each of the above ports as well as
> the default ports.

Can't say I've ever used pmfirewall. You have a reference handy?

> Please let me know if it's best that I should leave some of the above ports
> open for the web server to work correctly.

I didn't see a port 80 listed. You don't appear to be running a web server. A web cache (3128) yes. A server (80), no.

Perhaps you better start with a definition of exactly what this machine is supposed to allow for:

1. Local users logged into the machine
2. Remote users

Regards,

Mark

+-------------------------------------------------------------------------+
Mark Cooke                 The views expressed above are mine and are not
Systems Programmer         necessarily representative of university policy
University Of Birmingham
URL: http://www.sr.bham.ac.uk/~mpc/
+-------------------------------------------------------------------------+

- [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
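As an added example (not from anyone in the thread), the following script turns the quoted scan listing into the kind of default-deny plan the reply describes: services the local clients need stay reachable from the LAN only, X11 and the like are firewalled off, and every listener without a stated reason is flagged for investigation rather than silently blocked. The policy table, the LAN range 192.168.1.0/24, keeping ssh on port 22 open, and the use of iptables syntax (rather than the ipchains of that era) are all assumptions.

```python
import re
from ipaddress import ip_network

# Constructed copy of the securityspace.com listing quoted in the thread.
SCAN_REPORT = """\
- 119 nntp
- 1080 socks
- 1524 ingreslock
- 2000 callbook
- 2005 deslogin
- 3128 squid-http
- 5742 trojan
- 6000 X11
- 6667 irc
- 20034 trojan
- 40421 trojan
"""

# Assumed policy, following the reply: "lan" = only local clients may connect,
# "none" = firewalled off. Ports missing here are unexplained listeners.
POLICY = {
    119: "none",   # nntp: not serving news, point clients elsewhere
    1080: "lan",   # socks: only the clients you masquerade for
    3128: "lan",   # squid: only your own web clients
    6000: "none",  # X11: never exposed; use ssh with X11 forwarding
    6667: "none",  # irc: if kept at all, not reachable from outside
}

def parse_report(text):
    """Return {port: service} from '- <port> <service>' lines."""
    return {int(m.group(1)): m.group(2)
            for m in re.finditer(r"^- (\d+) (\S+)", text, re.M)}

def plan(report, policy=POLICY, lan="192.168.1.0/24"):
    """Return (iptables rules, ports with no policy). LAN range is assumed."""
    lan = str(ip_network(lan))  # validates the CIDR before it reaches a rule
    rules = ["iptables -A INPUT -i lo -j ACCEPT",
             "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
             "iptables -A INPUT -p tcp --dport 22 -j ACCEPT"]  # ssh, assumed
    unknown = []
    for port, name in sorted(report.items()):
        verdict = policy.get(port)
        if verdict == "lan":
            rules.append(f"iptables -A INPUT -p tcp -s {lan} --dport {port} "
                         f"-j ACCEPT  # {name}")
        elif verdict is None:
            unknown.append(port)  # find the owner with netstat -tlnp / lsof -i
    rules += ["iptables -A INPUT -j LOG --log-prefix 'INPUT-DROP '",
              "iptables -P INPUT DROP"]  # default deny, applied last
    return rules, unknown
```

The rules are emitted as text so they can be read before being applied; the `unknown` list is the set of ports to explain (which process, which user) before deciding whether they belong in the policy at all.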
