Re: [expert] Ports to keep open

2001-11-21 Thread David ..
If it's a webserver only, then you don't need SMTP From: LeTortorec, Jean-Louis [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [expert] Ports to keep open Date: Tue, 20 Nov 2001 11:06:27 -0500 I'm trying to limit the ports open on a Linux box

Re: [expert] Ports to keep open

2001-11-21 Thread bascule
also with ftp, people behind firewalls using passive ftp won't be able tp transfer as you haven't opened range of ports for them to use (PassivePorts directive in proftpd.conf), scp would be simpler bascule On Tuesday 20 Nov 2001 4:06 pm, you wrote: I'm trying to limit the ports open on a

Re: [expert] Ports to keep open

2001-11-21 Thread Daniel Woods
If it's a webserver only, then you don't need SMTP And no one has a real need for port 113 (authentication). I'm trying to limit the ports open on a Linux box. If I reduce the list to : - SMTP/25 - ssh/22 - proftp/21 - http/80 - https/443 - authentication/113 Do you think that

Re: [expert] Ports to keep open

2001-11-21 Thread Bill Kenworthy
No one? A while ago I was forced to partially open 113 again as apparently some irc servers require an ident before allowing a connection to be established. A bit of experimentation found that they were happy with an ipchains reject, but failed if the packet was just dropped (DENY) BillK On

Re: [expert] Ports to keep open

2001-11-21 Thread Ralph Forsythe
On Tue, 20 Nov 2001, Brandon Hutchinson wrote: Just make sure you are using an up-to-date SMTP agent. I don't think Sendmail has had a remote root exploit since 1997, but has had some recent local root exploits. I don't know if identd (113) is actually needed, although I think remote MTAs

Re: [expert] Ports to keep open

2001-11-20 Thread Brandon Hutchinson
Howdy Jean-Lewis! I would personally recommend using ssh (scp or sftp) if at all possible for moving your Web pages instead of FTP, as the FTP session is not encrypted. Just make sure you are using an up-to-date SMTP agent. I don't think Sendmail has had a remote root exploit since 1997, but

[expert] Ports to keep open

2001-11-20 Thread LeTortorec, Jean-Louis
I'm trying to limit the ports open on a Linux box. If I reduce the list to : - SMTP/25 - ssh/22 - proftp/21 - http/80 - https/443 - authentication/113 Do you think that will work ok? that box is a web server only, with proftp/ssh session for updating pages. Thanks to all. Have a nice day.

Re: [expert] Ports to keep open

2001-11-20 Thread Robert Fargher
On November 20, 2001 08:06 am, LeTortorec, Jean-Louis wrote: Do you think that will work ok? that box is a web server only, with proftp/ssh session for updating pages. Are you running a name server? If so, you'll want to keep port 53 open as well. -- Cheers, Rob Want to buy your