all this talk of rootkits made me curious, so i did a 'lsof | grep LISTEN' on my athlon box and got this:

portmap   207 daemon  4u IPv4 191 TCP *:sunrpc (LISTEN)
inetd     325 root    4u IPv4 379 TCP *:discard (LISTEN)
inetd     325 root    6u IPv4 381 TCP *:daytime (LISTEN)
inetd     325 root    7u IPv4 382 TCP *:time (LISTEN)
inetd     325 root   10u IPv4 385 TCP *:smtp (LISTEN)
inetd     325 root   11u IPv4 386 TCP *:auth (LISTEN)
inetd     325 root   12u IPv4 387 TCP *:32768 (LISTEN)
lpd       332 root    6u IPv4 459 TCP *:printer (LISTEN)
sshd      339 root    3u IPv4 471 TCP *:ssh (LISTEN)
rpc.statd 450 root    6u IPv4 609 TCP *:632 (LISTEN)
famd      533 nick    0u IPv4 387 TCP *:32768 (LISTEN)
famd      533 nick    1u IPv4 387 TCP *:32768 (LISTEN)
famd      533 nick    2u IPv4 387 TCP *:32768 (LISTEN

doing some googling around, it seems famd is doing some DNS stuff, rpc.statd is monitoring network status, and inetd is providing a bunch of services i don't really need -- please correct me if i'm wrong!

i'm interested in learning about the potential vulnerabilities of these services, about which ones are really necessary and which ones i can turn off -- and how. could anybody point me towards a good online/offline resource for learning about how to protect against potential attacks? any leads would be appreciated.

best,
nick

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list