[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: is it rational to close the 139 port

On Sun, Jul 22, 2012 at 7:32 PM, Brian <ad44@cityscape.co.uk> wrote:
> On Sun 22 Jul 2012 at 18:08:25 +0800, lina wrote:
>
>> On Sun, Jul 22, 2012 at 5:31 PM, Stan Hoeppner <stan@hardwarefreak.com> wrote:
>> > On 7/22/2012 3:37 AM, lina wrote:
>> >
>> >> P.S I also found
>> >>
>> >> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
>> >> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
>> >> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
>> >
>> > Instead of doing this piecemeal, post the output of:
>> >
>> > ~$ netstat -ant|grep LISTEN
>> >
>> > and we'll go through the list together, trimming the fat.
>>
>> # netstat -ant|grep LISTEN
>> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
>> tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
>> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
>> tcp        0      0 0.0.0.0:538             0.0.0.0:*               LISTEN
>> tcp6       0      0 :::143                  :::*                    LISTEN
>> tcp6       0      0 :::80                   :::*                    LISTEN
>> tcp6       0      0 :::22                   :::*                    LISTEN
>> tcp6       0      0 ::1:631                 :::*                    LISTEN
>>
>> Thanks, I only know 22, 25, 631 80 for ssh, email, cups and http, respectively,
>
> CUPS and the mailserver only listen for connections from localhost. This
> is as safe as it gets without removing the two services.
>
> The ssh and webserver daemons are available on the network. Presumably
> this is what you want. Their security will depend on how you have
> configured them. Debian sshd can be run safely with the default install.
>
> For port 538 try
>
>    lsof -i :538
>
> It's probably gdomap, which is part of GNUstep. By default it will not
> probe for other servers (see /etc/default/gdomap), so that looks ok.
> Only you know whether you need GNUstep.
>
> Port 143 is likely to be imap. It too can be accessed from the network.
> Is that your intention?
my email is not function perfectly yet. I don't have much idea about it.
Shall I close it?
>
> Heaven above knows why you need a firewall. These services are quite
> capable of getting on with life without iptables being involved. So are
> you.
Just today one website I cared about failed to open, certainly it's
under attack.
I don't know what other people are capable of, I feel they are capable
of doing lots of things.
Frankly speaking I don't have much energy/channel to arm myself some
intense knowledge to meet some potential defense requirement
(sometimes I read something, but mainly to forget later.).
so the only way I can do now is to understand something very
basic.gradually and patiently, perhaps 10 years later,
and I don't have some strong security feelings, if something wrong
with the laptop, I guess I will unavoidably freak out and at that time
definitely some days will waste.

Thanks with best regards,

P.S, In the past, if some books/webpage/blogs or anything which
inspired you lots in this area, appreciate to share. I don't have CS
background.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 20120722113234.GC7631@desktop">http://lists.debian.org/[🔎] 20120722113234.GC7631@desktop
>
Reply to: