How can I make sure tcpwrapper is in use? Can I edit host.allow so only localhost can access? Will it give any trouble? I don't use nfs, I've disabled it, so I don't know why portmap gets on...

Philippe Vogel wrote:
Henning Hucke wrote:
On Sun, 2 Oct 2005, Bruno Cochofel wrote:
When I do a netstat -tlnp I find that portmap LISTENs on port 111 on all interfaces. Is this safe? Can I change the conf so that only localhost can connect?
This portmapper is tcpwrapper enabled. So please read "man 5 hosts_access".
Since the tcpwrapper is quite simple it is a suitable tool. Nonetheless it would never be a replacement for a proper firewall rule set.
Best regards Henning Hucke
Portmapper is only needed for nfs, mount-daemon and quotas (correct this if I forgot things). So it can be disabled if it isn't needed!
Setting up portmapper listening on local host only is kind of difficult (as I intended this as well for some servers). SuSEfirewall2 blocks this traffic by default.
It is recommended to use a firewall if you offer unprotected services to the internet. If you don't have open ports a firewall is normally not needed. Only an open port can be hacked. Don't compare Redmond (TM) firewalls with Linux - it's not the same. They want to imitate iptables with a kind of copy effect, put a lot more in it and call this a firewall (a firewall in its meaning is a port blocker - no more, no less)!
If you think you get attacks each time you log in:
If you use dial-in or DSL connections you may get packets related to an earlier connection from another user using the same IP you use. These are normally not attacks on you.
Regards
Philippe
-- This message is digitally signed and contains neither seal nor signature!
The unsolicited sending of an advertising e-mail to private individuals violates §1 UWG and 823 I BGB (decision of the LG Berlin of 2.8.1998, Az: 16 O 201/98). Any commercial use of the transmitted personal data, as well as passing it on to third parties, is expressly prohibited!