Shridhar Daithankar rearranged electrons thusly:
> Only allowed ports to internet are 80/20/21/110/25.
> That locks machine quiet strongly.
there are other ports (113 - auth I think) which have to be enable
> Why worry when somebody else can do the job? Anyway you don't have a static
> i/p and
> domain name right.
yeah right - but as I said, you will still run one daemon or the other
(sendmail for example). better be careful than end up hacked.
> And yaah X/lpd are known vulnerabilities. But standard firewalling like no
> connections
> allowed over 1023 will block them all, right?
use that gshield package I told you about - that'll do a thorough job
--
Suresh Ramasubramanian <--> mallet <at> efn <dot> org
EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin
"What separates normal people from kooks is how they react when people disagree
with them or tell them "NO" <-- Ron Ritzman on news.admin.net-abuse.email
----------------------------------------------
Find out more about this and other Linux India
mailing lists at http://lists.linux-india.org/
