Andre

If you only plan to run a webserver on this box (and I assume you left port 80 out of the list below because it is obvious that that port is necessary for http), I would advise that you do not allow any of these ports through your firewall. Furthermore, I would probably check into the ports that say "Trojan" to discover what is running on these ports.

Generally speaking, there are ports known to be used for popular Trojan horses, and you can find these listed at Carnegie Mellon's CERT homepage (www.cert.org). These Trojan Horse viruses are probably more rampant on Windows boxes, but I would check nevertheless. If you have users in your network who are running server processes for whatever reason, that could also explain those "trojan" ports (i.e. the users just happened to pick the same ports that known trojans default to).

The best approach is to disable everything you possibly can, and add ports later as they are needed. Just be careful not to step on any important toes, if you know what I mean.

Geoffrey Gates
Lockheed Martin NE&SS, Moorestown, NJ

> ------------------------------
>
> Date: Mon, 10 Apr 2000 17:02:10 -0700
> From: André Bell <[EMAIL PROTECTED]>
> Subject: pmfirewall: Is it ok to leave the following ports open?
>
> Is it ok to leave the following ports open?
> - 119 nntp
> - 1045 trojan
> - 1080 socks
> - 1524 ingreslock
> - 2000 callbook
> - 2005 deslogin
> - 3128 squid-http
> - 5742 trojan
> - 6000 X11
> - 6667 irc
> - 20034 trojan
> - 40421 trojan
>
> I scanned my ports using www.securityspace.com and it gave the above
> report. No idea why it calls certain ports trojans but I will look into it
> further. Also, it looks like something may be using ports 20034 and
> 40421, if that is also what www.securityspace.com is reporting. No idea what
> the above ports might be legitimately used for so I will reinstall
> pmfirewall again and tell it to block each of the above ports as well as
> the default ports.
>
> Please let me know if it's best that I should leave some of the above ports
> open for the web server to work correctly.
>
> Thanks!
>
> Andre
> redhat 6.1
