[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Security


> As a dial-up user, I'm rarely connected for long, but I like to be safe.
> > 
> >  To reuse an old phrase: just because you aren't paranoid, doesn't mean
> > they're not out to get you :-)
> > 
> 
> One of my personal favourites ;-)
> 
> I think I will disable everything bar sendmail and ident (I'm not on a
> network, so I never use telnet, ftp or whatever anyhow) and I'll look into
> ipchains etc for protecting whats left.
> 
> cheers all
> 
> Craig
> 

Not knowing how you use your machine, ports that you may want to keep open 
(with ipchains) include:
	remote UDP port 53	- DNS repsonses (if you run a local
					name server)
	remote UDP port 4000	- ICQ server comms (if you use ICQ on your
					machine)
	local UDP port 7103	- Real-player streams

	ICQ may need a set of ports opened local TCP (again, depending on
	which ICQ clone you use, the port range can be specified to ICQ
	for firewall-purposes)

	remote TCP port 20	- For FTP transfers, /or/ use passive FTP

	Quake needs ports open (if you play network quake on your linux
	box - can't remember which port(s) it uses).

Just a further few areas of thought :)

Chris...


-- 
@}-,'--------------------------------------------------  Chris Johnson --'-{ [at] 
    / "(it is) crucial that we learn the difference / sixie [at] nccnet.co.uk  \
   / between Sex and Gender. Therein lies the key  /                       \ 
  / to our freedom" -- LB                         / www.nccnet.co.uk/~sixie \ 


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.