Thank you Jerry, Thorsten and others.
Probably not. If you're keeping up to date on your patches via YOU then you're okay. I am keeping up to date with the patches. As you said, it might have been because of the version string.
I haven't come across any website or other resource where I can find what each "port-service" mean and what their purpose is (except for the standard ports like ftp, http, telnet, smtp etc.) I have another question with regard to the SuseFirewall2. How do I know if the firewall is running or not? What is the application/process that is run when the firewall is started. I didn't find any new process in the process list (may be, I didn't look closely) when the firewall is started. Where does the logged data from the firewall go? Are there any GUI tools to interpret the data and alert me, if something is not right? or better yet, to inform me right when it happens, rather than I look for it in the logs? Appreciate your help. --Jay : Hi, : I have Suse 8.1 Pro on my home computer. : I ran "netstat -antu" which showed me a couple of open : ports - 68, 111, 631 and 6000 (I pasted the output : below). I looked at "/etc/services" to see what each : port mean, but I didn't know what was the purpose of : those services and which application opened them. : I am just wondering whether they should be open on a : typical home computer. If so, which application uses : them? Here's a quick breakdown: 68: bootp/dhcp (needed if grabbing ip via DHCP) 111: portmapper (needed if running RPC services) 631: cupsd (needed if you want to print) 6000: X windows -- turn this off Some Notes: The portmapper is necessary if you're using RPC services like NFS. Run 'rpcinfo -p' to see what RPC services are running. If there are none running, then it's safe to turn this off. The X-windows port should be turned off. Run the X server with the '-nolisten tcp' option. : Another question I have is, does CUPSD need to be run : to be able to just print documents. The machine is NOT : a print server. Au contraire. It is a print server. It's just serving the locally connected printer. You should probably look at the various cupsd.conf options to prevent anyone but localhost from connecting. Likewise, you should disable access to the port at your firewall. : The last question: I ran SAINT 3.4 (old version) and : it has shown me a buffer overflow vulnerability with : CUPS. : I am not sure if this is true. If it were true, would : Suse or other security firms not have reported this : and fixed it by now? Probably not. If you're keeping up to date on your patches via YOU then you're okay. Most scanners will report back on the version string and present you with a false-positive. That should just about cover it. --Jerry __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com