[Courses] [Security] The useful netstat
Katie Bechtold
katie at katie-and-rob.org
Thu Mar 7 10:14:30 EST 2002
On Wed, Mar 06, 2002 at 05:28:40PM -0500, Raven, corporate courtesan wrote:
> These are less worrisome. Strange that you have "Active IPX
> sockets" in there -- did you add Netware support to your kernel, or are
> you on a Netware network?
This is the kernel that came with RedHat 7.2, but I'm not on a
Netware network.
> You don't have an init script called S87rpcstat or anything like
> that? It's been pretty clearly labeled for me most of the time.
> Portmap might also run it.
Nope, nothing with rpc in the name. I'll assume portmap was running
it.
> Do you want to be able to recieve mail directly
> to this box, too, or will you be POP or IMAPping it from another server?
This box just POPs from another server. Even so, I'd feel better if
I was running qmail as a mailserver and tcpserver as a superserver.
One of these days I'll see if I can work up the courage to try
converting to those.
> NAT will save you from some things, but not everything. It's no
> replacement for a good firewall. Much depends on how your router does
> the NAT. If it's one-to-one address mapping, then you're not
> significantly safer. If it's port forwarding, that is considerably
> safer, because outside attackers are less likely to know your box is
> there. Your NAT device can still get portscanned, of course.
Oh, good -- my NAT router does port forwarding, and it only forwards
ports to those I've explicitly mapped.
--
Katie Bechtold
http://www.katie-and-rob.org/katie/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://linuxchix.org/pipermail/courses/attachments/20020307/d6e087d7/attachment.pgp
More information about the Courses
mailing list