Re: Port 123 and ipv6

To: debian-user@lists.debian.org
Subject: Re: Port 123 and ipv6
From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
Date: Tue, 28 Jan 2014 18:26:01 +1100
Message-id: <[🔎] 52E75B89.2010909@gmail.com>
In-reply-to: <[🔎] 52E7559B.6050703@gmail.com>
References: <[🔎] 52E74375.7000201@gmail.com> <[🔎] 20140128102837.5cda35594a4b28fc9a270629@gmail.com> <[🔎] 52E7559B.6050703@gmail.com>

On 28/01/14 18:00, lina wrote:
>>> I read something online, and wonder:
>>> 1] shall I close the port 123
>>
>> Probably you should, unless you're providing ntp to some other hosts.s
> 
> I have disabled the ntp. Here is other two things:
> 
> 1] about port 631, can I turn it off? since I only print very
> occasionally, I don't know the real purpose of cupsd;

CUPS daemon is part of your printing support

> 
> 2] I don't know why the dhclient occupy several ports to listen, and
> what's a little annoying is that seems my IP address barely changed even
> I reboot after one night.
> 
> 
> # netstat -nltup
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address
> State       PID/Program name
> tcp        0      0 127.0.0.1:631           0.0.0.0:*
> LISTEN      3288/cupsd
> tcp        0      0 127.0.0.1:25            0.0.0.0:*
> LISTEN      3776/exim4
> tcp        0      0 127.0.0.1:2628          0.0.0.0:*
> LISTEN      3268/0
> tcp6       0      0 ::1:631                 :::*
> LISTEN      3288/cupsd
> tcp6       0      0 :::143                  :::*
> LISTEN      2731/couriertcpd
> udp        0      0 0.0.0.0:68              0.0.0.0:*
>         3690/dhclient
> udp        0      0 0.0.0.0:68              0.0.0.0:*
>         3396/dhclient
> udp        0      0 0.0.0.0:68              0.0.0.0:*
>         3158/dhclient
> udp        0      0 0.0.0.0:47447           0.0.0.0:*
>         3396/dhclient
> udp        0      0 0.0.0.0:56026           0.0.0.0:*
>         3690/dhclient
> udp        0      0 0.0.0.0:57235           0.0.0.0:*
>         3158/dhclient
> udp6       0      0 :::21529                :::*
>         3158/dhclient
> udp6       0      0 :::56026                :::*
>         3396/dhclient
> udp6       0      0 :::27602                :::*
>         3690/dhclient
> 
> 
>>
>>> 2] disable ipv6
>>
>> Is there something malfunctioning on this host? Or is there any service
>> that misbehaves with ipv6?
> 
> I read something online earlier,
> "Currently there are no comfortable tools out which are able to check a
> system over network for IPv6 security issues. Neither Nessus nor any
> commercial security scanner is as far as I know able to scan IPv6
> addresses." (from
> http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/ipv6-security-auditing.html)


Keyword "commercial". And I still don't believe that information is
correct. IPV6 security testing is very well supported by Open Source tools

Try wireshark, the better, Open Source, version of Nessus:-
# apt-get install wireshark


Also take a look at TCH-IPv6:-
https://www.thc.org/thc-ipv6/

IPV6ToolKit:-
http://www.si6networks.com/tools/ipv6toolkit/

And for firewall testing, ft6:-
https://redmine.cs.uni-potsdam.de/projects/ft6/wiki

The latter is part of the IPv6 Intrusion Detection System Project:-
http://www.idsv6.de/en/index.html



> 
>>
>> Reco
>>
>>
> 
> 


Kind regards

Reply to:

References:
- Port 123 and ipv6
  - From: lina <lina.lastname@gmail.com>
- Re: Port 123 and ipv6
  - From: Reco <recoverym4n@gmail.com>
- Re: Port 123 and ipv6
  - From: lina <lina.lastname@gmail.com>

Prev by Date: how to remove ? directory
Next by Date: Re: i915: wheezy / jessie freeze under X
Previous by thread: Re: Port 123 and ipv6
Next by thread: Re: Port 123 and ipv6
Index(es):
- Date
- Thread