Re: Port 123 and ipv6
>> I read something online, and wonder:
>> 1] shall I close the port 123
>
> Probably you should, unless you're providing ntp to some other hosts.s
I have disabled the ntp. Here is other two things:
1] about port 631, can I turn it off? since I only print very
occasionally, I don't know the real purpose of cupsd;
2] I don't know why the dhclient occupy several ports to listen, and
what's a little annoying is that seems my IP address barely changed even
I reboot after one night.
# netstat -nltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:*
LISTEN 3288/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:*
LISTEN 3776/exim4
tcp 0 0 127.0.0.1:2628 0.0.0.0:*
LISTEN 3268/0
tcp6 0 0 ::1:631 :::*
LISTEN 3288/cupsd
tcp6 0 0 :::143 :::*
LISTEN 2731/couriertcpd
udp 0 0 0.0.0.0:68 0.0.0.0:*
3690/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:*
3396/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:*
3158/dhclient
udp 0 0 0.0.0.0:47447 0.0.0.0:*
3396/dhclient
udp 0 0 0.0.0.0:56026 0.0.0.0:*
3690/dhclient
udp 0 0 0.0.0.0:57235 0.0.0.0:*
3158/dhclient
udp6 0 0 :::21529 :::*
3158/dhclient
udp6 0 0 :::56026 :::*
3396/dhclient
udp6 0 0 :::27602 :::*
3690/dhclient
>
>> 2] disable ipv6
>
> Is there something malfunctioning on this host? Or is there any service
> that misbehaves with ipv6?
I read something online earlier,
"Currently there are no comfortable tools out which are able to check a
system over network for IPv6 security issues. Neither Nessus nor any
commercial security scanner is as far as I know able to scan IPv6
addresses." (from
http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/ipv6-security-auditing.html)
>
> Reco
>
>
Reply to: