If it's a webserver only, then you don't need SMTP
From: LeTortorec, Jean-Louis [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: [expert] Ports to keep open
Date: Tue, 20 Nov 2001 11:06:27 -0500
I'm trying to limit the ports open on a Linux box
Also, with ftp, people behind firewalls using passive ftp won't be able to
transfer, as you haven't opened a range of ports for them to use (PassivePorts
directive in proftpd.conf); scp would be simpler.
bascule
On Tuesday 20 Nov 2001 4:06 pm, you wrote:
I'm trying to limit the ports open on a
If it's a webserver only, then you don't need SMTP
And no one has a real need for port 113 (authentication).
I'm trying to limit the ports open on a Linux box.
If I reduce the list to:
- SMTP/25
- ssh/22
- proftp/21
- http/80
- https/443
- authentication/113
Do you think that
No one? A while ago I was forced to partially open 113 again as
apparently some irc servers require an ident before allowing a
connection to be established. A bit of experimentation found that they
were happy with an ipchains reject, but failed if the packet was just
dropped (DENY).
BillK
On Tue, 20 Nov 2001, Brandon Hutchinson wrote:
Just make sure you are using an up-to-date SMTP agent. I don't think Sendmail
has had a remote root exploit since 1997, but has had some recent local root
exploits.
I don't know if identd (113) is actually needed, although I think remote MTAs
Howdy Jean-Lewis!
I would personally recommend using ssh (scp or sftp) if at all possible for
moving your Web pages instead of FTP, as the FTP session is not encrypted.
Just make sure you are using an up-to-date SMTP agent. I don't think Sendmail
has had a remote root exploit since 1997, but
I'm trying to limit the ports open on a Linux box.
If I reduce the list to:
- SMTP/25
- ssh/22
- proftp/21
- http/80
- https/443
- authentication/113
Do you think that will work OK? That box is a web server only, with
proftp/ssh session for updating pages.
Thanks to all.
Have a nice day.
On November 20, 2001 08:06 am, LeTortorec, Jean-Louis wrote:
Do you think that will work OK? That box is a web server only, with
proftp/ssh session for updating pages.
Are you running a name server? If so, you'll want to keep port 53 open as
well.
--
Cheers,
Rob
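
An added example, not part of any message in this thread: before writing firewall rules for the port list in the original post, it helps to compare that list with what the box is actually listening on. The sketch below parses `netstat -tln` output and reports listeners that are not on the list, listed ports with no service behind them, and services bound to loopback only. The sample output, including the extra listeners on 111 and 6000, is constructed for illustration.

```python
# Port list from the original post; the names are used for reference only.
ALLOWED = {21: "proftp", 22: "ssh", 25: "SMTP", 80: "http",
           443: "https", 113: "authentication"}

# Constructed sample of `netstat -tln` output (not taken from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
"""

LOOPBACK = ("127.", "::1")


def parse_listeners(netstat_text):
    """Return a set of (address, port) for every TCP socket in LISTEN state."""
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue  # header lines and non-listening sockets
        addr, _, port = fields[3].rpartition(":")  # also handles IPv6 forms like ":::80"
        listeners.add((addr, int(port)))
    return listeners


def audit(netstat_text, allowed=ALLOWED):
    """Compare what is listening with the intended port list."""
    listeners = parse_listeners(netstat_text)
    all_ports = {port for _, port in listeners}
    exposed = {port for addr, port in listeners if not addr.startswith(LOOPBACK)}
    return {
        "unexpected": sorted(exposed - set(allowed)),      # reachable, but not on the list
        "not_listening": sorted(set(allowed) - all_ports), # on the list, no service running
        "loopback_only": sorted(all_ports - exposed),      # needs no opening in the firewall
    }


if __name__ == "__main__":
    for finding, ports in audit(SAMPLE_NETSTAT).items():
        print(f"{finding}: {ports}")
```

On the constructed sample, 113 shows up under `not_listening`, which is the case discussed above where no ident service runs and the firewall's answer on that port (reject versus silent drop) is all a remote server sees.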