Mailinglist Archive: opensuse (3785 mails)
| < Previous | Next > |
Re: [SLE] Ports - Services and their legitimacy???
- From: bill s <opensource22@xxxxxxxxx>
- Date: Thu, 23 Oct 2003 11:20:43 -0700 (PDT)
- Message-id: <20031023182043.52548.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
Thank you Jerry, Thorsten and others.
>Probably not. If you're keeping up to date on your
>patches via YOU then you're okay.
I am keeping up to date with the patches. As you said,
it might have been because of the version string.
I haven't come across any website or other resource
where I can find what each "port-service" mean and
what their purpose is (except for the standard ports
like ftp, http, telnet, smtp etc.)
I have another question with regard to the
SuseFirewall2. How do I know if the firewall is
running or not? What is the application/process that
is run when the firewall is started. I didn't find any
new process in the process list (may be, I didn't look
closely) when the firewall is started. Where does the
logged data from the firewall go? Are there any GUI
tools to interpret the data and alert me, if something
is not right? or better yet, to inform me right when
it happens, rather than I look for it in the logs?
Appreciate your help.
--Jay
: Hi,
: I have Suse 8.1 Pro on my home computer.
: I ran "netstat -antu" which showed me a couple of
open
: ports - 68, 111, 631 and 6000 (I pasted the output
: below). I looked at "/etc/services" to see what each
: port mean, but I didn't know what was the purpose of
: those services and which application opened them.
: I am just wondering whether they should be open on a
: typical home computer. If so, which application uses
: them?
Here's a quick breakdown:
68: bootp/dhcp (needed if grabbing ip via DHCP)
111: portmapper (needed if running RPC services)
631: cupsd (needed if you want to print)
6000: X windows -- turn this off
Some Notes:
The portmapper is necessary if you're using RPC
services like NFS.
Run 'rpcinfo -p' to see what RPC services are
running. If there are
none running, then it's safe to turn this off.
The X-windows port should be turned off. Run the X
server with the
'-nolisten tcp' option.
: Another question I have is, does CUPSD need to be
run
: to be able to just print documents. The machine is
NOT
: a print server.
Au contraire. It is a print server. It's just serving
the locally
connected printer. You should probably look at the
various cupsd.conf
options to prevent anyone but localhost from
connecting. Likewise, you
should disable access to the port at your firewall.
: The last question: I ran SAINT 3.4 (old version) and
: it has shown me a buffer overflow vulnerability with
: CUPS.
: I am not sure if this is true. If it were true,
would
: Suse or other security firms not have reported this
: and fixed it by now?
Probably not. If you're keeping up to date on your
patches via YOU then
you're okay. Most scanners will report back on the
version string and
present you with a false-positive.
That should just about cover it.
--Jerry
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
>Probably not. If you're keeping up to date on your
>patches via YOU then you're okay.
I am keeping up to date with the patches. As you said,
it might have been because of the version string.
I haven't come across any website or other resource
where I can find what each "port-service" mean and
what their purpose is (except for the standard ports
like ftp, http, telnet, smtp etc.)
I have another question with regard to the
SuseFirewall2. How do I know if the firewall is
running or not? What is the application/process that
is run when the firewall is started. I didn't find any
new process in the process list (may be, I didn't look
closely) when the firewall is started. Where does the
logged data from the firewall go? Are there any GUI
tools to interpret the data and alert me, if something
is not right? or better yet, to inform me right when
it happens, rather than I look for it in the logs?
Appreciate your help.
--Jay
: Hi,
: I have Suse 8.1 Pro on my home computer.
: I ran "netstat -antu" which showed me a couple of
open
: ports - 68, 111, 631 and 6000 (I pasted the output
: below). I looked at "/etc/services" to see what each
: port mean, but I didn't know what was the purpose of
: those services and which application opened them.
: I am just wondering whether they should be open on a
: typical home computer. If so, which application uses
: them?
Here's a quick breakdown:
68: bootp/dhcp (needed if grabbing ip via DHCP)
111: portmapper (needed if running RPC services)
631: cupsd (needed if you want to print)
6000: X windows -- turn this off
Some Notes:
The portmapper is necessary if you're using RPC
services like NFS.
Run 'rpcinfo -p' to see what RPC services are
running. If there are
none running, then it's safe to turn this off.
The X-windows port should be turned off. Run the X
server with the
'-nolisten tcp' option.
: Another question I have is, does CUPSD need to be
run
: to be able to just print documents. The machine is
NOT
: a print server.
Au contraire. It is a print server. It's just serving
the locally
connected printer. You should probably look at the
various cupsd.conf
options to prevent anyone but localhost from
connecting. Likewise, you
should disable access to the port at your firewall.
: The last question: I ran SAINT 3.4 (old version) and
: it has shown me a buffer overflow vulnerability with
: CUPS.
: I am not sure if this is true. If it were true,
would
: Suse or other security firms not have reported this
: and fixed it by now?
Probably not. If you're keeping up to date on your
patches via YOU then
you're okay. Most scanners will report back on the
version string and
present you with a false-positive.
That should just about cover it.
--Jerry
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
| < Previous | Next > |