Re: is it rational to close the 139 port
On Sun 22 Jul 2012 at 18:08:25 +0800, lina wrote:
> On Sun, Jul 22, 2012 at 5:31 PM, Stan Hoeppner <stan@hardwarefreak.com> wrote:
> > On 7/22/2012 3:37 AM, lina wrote:
> >
> >> P.S I also found
> >>
> >> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
> >> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
> >> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
> >
> > Instead of doing this piecemeal, post the output of:
> >
> > ~$ netstat -ant|grep LISTEN
> >
> > and we'll go through the list together, trimming the fat.
> 
> # netstat -ant|grep LISTEN
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
> tcp6       0      0 :::143                  :::*                    LISTEN
> tcp6       0      0 :::80                   :::*                    LISTEN
> tcp6       0      0 :::22                   :::*                    LISTEN
> tcp6       0      0 ::1:631                 :::*                    LISTEN
> 
> Thanks, I only know 22, 25, 631, 80 for ssh, email, cups and http, respectively,
CUPS and the mailserver only listen for connections from localhost. This
is as safe as it gets without removing the two services.
The ssh and webserver daemons are available on the network. Presumably
this is what you want. Their security will depend on how you have
configured them. Debian sshd can be run safely with the default install.
For port 538 try
   lsof -i :538
It's probably gdomap, which is part of GNUstep. By default it will not
probe for other servers (see /etc/default/gdomap), so that looks ok.
Only you know whether you need GNUstep.
Port 143 is likely to be imap. It too can be accessed from the network.
Is that your intention?
Heaven above knows why you need a firewall. These services are quite
capable of getting on with life without iptables being involved. So are
you.
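The triage the reply walks through by hand (which LISTEN sockets are bound to localhost only and which are reachable from the network) can be mechanised. The following is an added example, not code from this thread; it parses the `netstat -ant | grep LISTEN` output quoted above and labels ports with the services the thread names (143 and 538 are the reply's guesses of imap and gdomap, not confirmed by the poster).

```python
import ipaddress
from dataclasses import dataclass

# Port-to-service names as given or guessed in the thread.
KNOWN_PORTS = {22: "ssh", 25: "smtp", 80: "http", 143: "imap", 538: "gdomap", 631: "cups"}

@dataclass(frozen=True)
class Listener:
    proto: str      # "tcp" or "tcp6"
    addr: str       # bind address as printed by netstat
    port: int
    service: str
    exposed: bool   # True if the socket is reachable from the network, not only localhost

def split_local(field):
    # netstat prints "0.0.0.0:22", ":::80" or "::1:631"; the port follows the last colon.
    host, _, port = field.rpartition(":")
    return host, int(port)

def is_exposed(host):
    # Wildcard binds ("0.0.0.0", "::", or "*" as ss prints it) and any
    # non-loopback address accept connections from other hosts.
    if host in ("0.0.0.0", "::", "*"):
        return True
    return not ipaddress.ip_address(host).is_loopback

def parse_listeners(netstat_output):
    listeners = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[-1] != "LISTEN":
            continue                      # skip headers and non-listening sockets
        host, port = split_local(parts[3])
        listeners.append(Listener(parts[0], host, port,
                                  KNOWN_PORTS.get(port, "unknown"), is_exposed(host)))
    return listeners

def exposed_ports(listeners):
    return sorted({l.port for l in listeners if l.exposed})

def loopback_only_ports(listeners):
    # A port counts as loopback-only if no listener on it is network reachable.
    return sorted({l.port for l in listeners if not l.exposed} - set(exposed_ports(listeners)))

# The listing quoted in the thread, with the mail quote prefix removed.
SAMPLE = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
"""

if __name__ == "__main__":
    found = parse_listeners(SAMPLE)
    for l in found:
        print(f"{l.proto:5} {l.addr:>10}:{l.port:<5} {l.service:8} {'NETWORK' if l.exposed else 'localhost only'}")
```

Run against the thread's listing it reports 25 and 631 as localhost only and 22, 80, 143 and 538 as network reachable, which is exactly the split the reply draws.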