Re: Port 123 and ipv6
On Tue, 28 Jan 2014 15:00:43 +0800
lina <lina.lastname@gmail.com> wrote:
> 1] about port 631, can I turn it off? since I only print very
> occasionally, I don't know the real purpose of cupsd;
As others said, listening port 631 on loopback interface is not a
problem.
>
> 2] I don't know why the dhclient occupy several ports to listen, and
> what's a little annoying is that seems my IP address barely changed even
> I reboot after one night.
> tcp6 0 0 :::143 :::*
> LISTEN 2731/couriertcpd
Running IMAP server on a desktop is an uncommon thing.
Do you really need it?
> udp 0 0 0.0.0.0:68 0.0.0.0:*
> 3690/dhclient
> udp 0 0 0.0.0.0:68 0.0.0.0:*
> 3396/dhclient
> udp 0 0 0.0.0.0:68 0.0.0.0:*
> 3158/dhclient
You're running 3 different DHCP clients at once (notice different
process-ids).
If you're using ifupdown, that's probably
misconfigured /etc/network/interfaces.
If you're using NetworkManager - you've hit some NM bug probably.
> I read something online earlier,
> "Currently there are no comfortable tools out which are able to check a
> system over network for IPv6 security issues. Neither Nessus nor any
> commercial security scanner is as far as I know able to scan IPv6
> addresses." (from
> http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/ipv6-security-auditing.html)
This information is obsolete. See (latter is available in the Debian
main archive):
http://www.si6networks.com/tools/ipv6toolkit
http://nmap.org/download.html
And once one finds hosts's IP, it's irrelevant whenever host in
question is using IPv4 or IPv6.
If you're really concerned about security, I'd suggest you to use
iptables (and ip6tables).
Reco
Reply to: