[Gllug] nmap
Bruce Richardson
itsbruce at uklinux.net
Wed Jan 30 11:55:27 UTC 2002
On 1/30/02, 10:51:38 AM, "Jackson, Harry" <HJackson at colt-telecom.com> wrote regarding RE: [Gllug] nmap:
> I very rarely do anything deliberately but I would like my windows/RH box to
> use the Debian box as its nameserver. I want it like this because BT keep
> changing their bloody nameservers in a completely random way. I also use
> UKlinux during the day. I want something dynamic but looking at BIND was a
> bit scary so am currently hunting for a more simple method. Pdnsd has been
> mentioned.
Works fine.
> >
> > > 111/tcp open sunrpc
> >
> > lose that.
> I will require a networked file system and nfs was the first that sprang to
> mind but looking on the security HOWTO it did not recommend this.
Since you are running windows at home, samba makes sense as both OSs can
access it.
> >
> > > 139/tcp open netbios-ssn
> >
> > lose that.
> >
> Does Samba require this port?
Yes but you can make Samba listen only on your internal interface.
> I really need to look more at iptables and blocking incoming requests on
> ports.
A safe firewall set-up blocks *everything* going in all directions and
then allows specific things.
If you have inetd installed on the Debian box I recommend replacing it
with xinetd. xinetd is more complex to configure but is much, much
smarter: you can, for instance, configure services to listen only on
specific interfaces and can specify default options to cover all
services. On my home machine the default is for xinetd only to run
services on the loopback interface.
You might also consider running Samba from xinetd - that way Samba gets
the benefit of xinetd's more sophisticated security.
--
Bruce
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
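
An added example, not part of the original message: one way to write the "block everything in all directions, then allow specific things" firewall for the box discussed above, with Samba and the caching nameserver reachable from the internal interface only. The interface names (`eth0`, `ppp0`), the subnet and the function names are assumptions.

```sh
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it applies nothing itself.
# Interface names and the LAN subnet are assumed values, not from the thread.
LAN_IF="${LAN_IF:-eth0}"          # internal interface (assumption)
WAN_IF="${WAN_IF:-ppp0}"          # dial-up/ISP interface (assumption)
LAN_NET="${LAN_NET:-192.168.1.0/24}"

gen_ruleset() {
    cat <<EOF
*filter
# Block everything in all directions first.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback, plus replies to traffic permitted below.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Samba (NetBIOS 137,138/udp and 139/tcp) from the internal network only.
-A INPUT -i $LAN_IF -s $LAN_NET -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 139 -j ACCEPT
# Answers to NetBIOS broadcasts are not always matched by conntrack.
-A OUTPUT -o $LAN_IF -d $LAN_NET -p udp -m multiport --sports 137,138 -j ACCEPT
# Caching nameserver on this box serves LAN clients only.
-A INPUT -i $LAN_IF -s $LAN_NET -p udp --dport 53 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 53 -j ACCEPT
# Outbound: only the nameserver's upstream lookups. sunrpc (111) is never opened.
-A OUTPUT -o $WAN_IF -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $WAN_IF -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Count INPUT ACCEPT rules that are not tied to lo or the LAN interface
# (the conntrack reply rule is excluded); anything above 0 is exposed.
exposed_input_rules() {
    gen_ruleset | grep '^-A INPUT .*-j ACCEPT' \
        | grep -v -e "^-A INPUT -i lo " -e "^-A INPUT -i $LAN_IF " -e ' --ctstate ' \
        | wc -l | tr -d ' '
}

# Review with: sh thisfile --print | iptables-restore --test
if [ "${1:-}" = "--print" ]; then gen_ruleset; fi
```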