Re: your mail
Yes, the best policy is always to disable anything on your machine that
you're not using. Those you _are_ using, you then filter the crap out of.
Personally, my workstation-type machines only listen on port 6000 (X), 22
(ssh), and occasionally ftp and tftp if I need them for a specific
purpose. For my server-type machines, subtract X, then add what services
they are providing, which would then be heavily protected.

On Thu, 16 Mar 2000, Peter Cordes wrote:
> This isn't specific to identd, but I'm wondering why you would bother
> filtering the port instead of just not running identd? (I assume you would
> have/do turn off identd in /etc/inetd.conf as well as doing port
> filtering.) I've never really understood why people filter all kinds of
> ports on their own machine when the ports are closed anyway. The only
> advantage I can see is that if someone hits you with a trojan
> something-or-other, the bad guys won't be able to talk to it if it picks
> a blocked port. Is this the reason for doing it, or am I missing something?
>
> Filtering ports makes sense when you are protecting a bunch of machines,
> especially ones which you don't run directly, but for a machine filtering
> traffic for only itself, it seems like a waste.
>
> Thanks,