On Fri, 14 Apr 2000, Steven Kerr wrote:

> How do you go about securing ports that are not controlled by 'inetd'?
> 
> Is it as simple as commenting out the relevant line in
> '/etc/services'?

Er, no. /etc/services is really just a lookup table so that you can use
nice names instead of remembering port numbers when configuring programs.

A lot of daemons use tcp wrappers. Look at the man page for
"hosts_access" and edit the /etc/hosts.accept and hosts.deny files.

> I did try the commenting of /etc/services but the port scan shows it as
> still being active. Is there a daemon that needs a kick in the groin?

To block port scans (signed up with Optus are we? ;) you will need to use
firewall rules. For 2.0 kernels use ipfwadm, for 2.2 kernels use ipchains,
and for us experimenters using 2.3 and soon 2.4, use iptables.

I'm still experimenting with this myself. What's the status of people's
work to block Optus' port scanning?
(I only just rejoined the list yesterday)

bye

-- 
8<--------8<--------8<--------8<--------8<--------8<--------8<--------
Ian Tester   *8)#          \7\    LINUX: because geeks will find a way
[EMAIL PROTECTED]       \7\      http://www.zipworld.com.au/~imroy


--
SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
To unsubscribe send email to [EMAIL PROTECTED] with
unsubscribe in the text
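
As an added illustration of the reply above (not part of the original message): a port is open because a process is listening on it, whether or not /etc/services has a name for it. The services text, the function names and the loopback listener standing in for a daemon are all constructed for this example.

```python
import socket

# Constructed sample of an /etc/services file in which the admin has
# commented out the "telnet" line, as the question describes.
SERVICES_TEXT = """\
ftp             21/tcp
#telnet         23/tcp
smtp            25/tcp          mail
"""

def parse_services(text):
    """Return {(port, proto): name} for the uncommented lines."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table[(int(port), proto)] = fields[0]
    return table

def port_is_open(host, port, timeout=1.0):
    """True if a TCP connect succeeds, which is what a port scan sees."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def demo():
    """Listen on a port that has no services entry, then probe it."""
    table = parse_services(SERVICES_TEXT)
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # stand-in daemon, kernel picks the port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        named = (port, "tcp") in table             # no name for this port
        open_while_listening = port_is_open("127.0.0.1", port)
    finally:
        listener.close()                           # "stop the daemon"
    open_after_stop = port_is_open("127.0.0.1", port)
    return named, open_while_listening, open_after_stop

if __name__ == "__main__":
    print(demo())
```

The port only stops answering once the listener is closed; stopping the daemon, restricting it with tcp wrappers, or filtering with firewall rules are the controls that change what a scan sees.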