Re: [Sheflug] Security (again, the final word)

[Barrie Bremner <nospam [at] ecosse.net>]

Craig Andrews wrote:
> 
> Well, I have been on a disabling spree, and taken out many useless
> services (I am not a webserver, intranet server, or any server. Just a
> single machine with a dial up connection.)
> 
> ShieldsUP now reports:
> 
> 21 - FTP                closed
> 23 - Telnet             stealth
> 25 - SMTP               stealth
> 79 - Finger             closed
> 80 - HTTP               closed
> 110 - POP3              closed
> 113 - IDENT             OPEN
> 139 - netBIOS           closed
> 143 - IMAP              closed
> 443 - HTTPS             closed
> 
> So the situation has improved slighly. Still firewall practice would be
> nice (I am planning on building a new mail/proxy server for work if they
> provide the bits. Debian or SuSE can provide the software ;-)

 You should have ssh on port 22, if that's set up correctly, and telnet
should be closed, not stealth.
Are you using sendmail (SMTP port 25)? If not, shut the service down.
 You can still send mail via your ISPs mailservers without having to run
sendmail.

 I'm in the same boat as you, PPP line with dynamic IP, although I run a
few internal services that only I want to access (AOLserver, Oracle,
caching DNS for internal network, masqdialer, UPS monitoring via
network), and I want to allow ssh connections from a few IP.
--
Barrie J. Bremner

Email:     TheEnglishman [at] ecosse.net
           (PGP public key available at pgp.mit.edu)

URL:       http://www.geocities.com/thefatenglishman

Telephone: UK 01672 811246
Mobile:    UK 07968 792975

 Help Micro$oft wipe out piracy - get Linux.
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.