Re: Newbie - wants to close ports

On Mon, 30 Sep 2002, Zeno Davatz wrote:

> It gives me:
> debian:/etc/snort# netstat -lnp|grep 79
> tcp        0      0    *               LISTEN      303/portsentry
> And I also found the following article which I think is very interesting:
> http://lists.debian.org/debian-security/2002/debian-security-200207/msg00324.html
> Obviously portsentry opens a lot of ports just to listen on them and is the
> only daemon behind - that results in huge logfiles etc.

There is a good reason for it to do so: it opens ports to detect
connections to them and report it and/or take action on it, if you
instruct it to do so. To have one computer with a running portsentry on a
network often allows you to quickly detect the presence of a worm on a
computer in your network, as it will noisily try to connect to computers
in order to spread itself. However, installing a network package without
knowing precisely what it opens and why is always a bad idea, therefore
the bottom line is that if you don't know why you installed portsentry you
should remove it, and do the same with all other network packages in the
same situation (i.e. you don't know why you installed them). If / when
something breaks because you removed them, you will at least know why you
needed them :)
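
Added example, not part of the original message: a small shell function that summarises `netstat -lnp` output per program, so a daemon holding many listening sockets (as portsentry does) stands out and each listener can be traced back to something you meant to install. The sample input is constructed; only PID 303 and port 79 come from the thread, and the function name is hypothetical.

```shell
#!/bin/sh
# Summarise `netstat -lnp` output read from stdin: one line per program,
# "<socket count> <program> <proto/port,...>", busiest program first.
listeners_by_program() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            # TCP rows carry a State column; UDP rows leave it empty,
            # so the PID/Program field sits one column earlier.
            if ($1 ~ /^tcp/) {
                if ($6 != "LISTEN") next
                owner = $7
            } else {
                owner = $6
            }
            if (owner == "") owner = "-"      # netstat run without root
            sub(/^[0-9]+\//, "", owner)       # drop the "PID/" prefix
            port = $4
            sub(/^.*:/, "", port)             # keep text after the last colon
            count[owner]++
            ports[owner] = ports[owner] (ports[owner] ? "," : "") $1 "/" port
        }
        END { for (o in count) printf "%d %s %s\n", count[o], o, ports[o] }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample of `netstat -lnp` output (not captured from a real host).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:1               0.0.0.0:*               LISTEN      303/portsentry
tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN      303/portsentry
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      303/portsentry
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      250/sshd
udp        0      0 0.0.0.0:69              0.0.0.0:*                           310/portsentry'

printf '%s\n' "$SAMPLE" | listeners_by_program
```

On a live host, run `netstat -lnp | listeners_by_program` as root so the PID/Program column is filled in.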



