Hello. On Sun, Jan 21, 2001 at 08:15:42AM -0800, Erik Hollensbe wrote: > Basically, I'm having a hard time understanding why the portmapper, rpc.*, > etc, (especially NFS) are default installed and in runlevel 2. Yeah, I would ship my own distribution with _nothing_ secured, and all daemons running around like hell, because this way I can get easy access to my own distro on other machines! Of course I would sell it under the slogan "everything preinstalled", hehe. Oh, btw, its interesting that the Debian FTP server at ftp.debian.de is making an ident request. I am rejecting this, but perhaps with DENY there would be a timeout? It is especially annoying if you installed logcheck and every time you use apt-get you get mail ;) Firewall log entry: $date localhost kernel: Packet log: www-me REJECT ppp0 PROTO=6 141.76.2.4:1939 $myhost:113 L=60 S=0x00 I=55214 F=0x4000 T=53 SYN (#1) My suggestion is to remove the portmapper from standard install and make it optional. And if you install it, disable all services from it per default. Then, prompt a message "use update-inetd to enable this or that daemon". Bastian Kleineidam
Attachment:
pgpfKRiZ6WIF8.pgp
Description: PGP signature