Is the default debian machine ripe for port attack?
Oh great, I chose the woody home user installation setup, and after
putting
exit #until i know what it does
as the first line of many of the /etc/init.d/* files, then notice
[using "nmap" which I downloaded] all these things listening to open ports:
discard,daytime,ftp,telnet,smtp,time,finger,pop3,sunrpc,auth,nntp,
imap2,imap3,snpp,printer,unknown,fax,hylafax,webcache,tproxy,vboxd
is the standard procedure to comment them out one by one in
/etc/inetd.conf, at least the ones I would never use or worse, let
folks connect to when i call my ISP? I see hosts.deny is also wide
open.
Is the default debian machine a security eyesore, oren ports and all?
True, I was just connecting to myself on my test but anyways, I
clearly remember choosing the humble home user mode in tasksel that
day when I installed woody. What's the big idea of turning me into a
big Times Square of flashing lights and pop3 imap2 imap3 etc. servers
the likes of which I've never even connected to before myself, and all
at the same time. What, did I hit "I'm a major ISP" in tasksel by
accident?
Anyways, do "security professionals recommend that the debian system
be toned down by the user after installation"?
Anyways, before I figure all that out, I suppose I'll do in /etc/ppp/ip-up.d/00-ipppd:
echo 9 13 21 23 25 37 79 110 111 113 119 143 220 444 515 1024 4557 4559 8080 8081 20012|
xargs -n 1 ipchains -A input -i ppp0 -p TCP --syn -j DENY -l --destination-port
--
http://jidanni.org/ Taiwan(04)25854780
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: