all this talk of rootkits made me curious, so i did a 'lsof | grep
LISTEN' on my athlon box and got this:

portmap   207 daemon    4u  IPv4        191      TCP *:sunrpc (LISTEN)
inetd     325   root    4u  IPv4        379      TCP *:discard (LISTEN)
inetd     325   root    6u  IPv4        381      TCP *:daytime (LISTEN)
inetd     325   root    7u  IPv4        382      TCP *:time (LISTEN)
inetd     325   root   10u  IPv4        385      TCP *:smtp (LISTEN)
inetd     325   root   11u  IPv4        386      TCP *:auth (LISTEN)
inetd     325   root   12u  IPv4        387      TCP *:32768 (LISTEN)
lpd       332   root    6u  IPv4        459      TCP *:printer (LISTEN)
sshd      339   root    3u  IPv4        471      TCP *:ssh (LISTEN)
rpc.statd 450   root    6u  IPv4        609      TCP *:632 (LISTEN)
famd      533   nick    0u  IPv4        387      TCP *:32768 (LISTEN)
famd      533   nick    1u  IPv4        387      TCP *:32768 (LISTEN)
famd      533   nick    2u  IPv4        387      TCP *:32768 (LISTEN)

doing some googling around, it seems famd is doing some DNS stuff,
rpc.statd is monitoring network status, and inetd is providing a bunch
of services i don't really need -- please correct me if i'm wrong!

i'm interested in learning about the potential vulnerabilities of these
services, about which ones are really necessary and which ones i can
turn off -- and how. could anybody point me towards a good
online/offline resource for learning about how to protect against
potential attacks? any leads would be appreciated.

best,
nick




_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
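
An added example, not part of the original post: in the listing above, lsof's DEVICE column identifies the socket itself, so rows that share a DEVICE value and address are one listening socket held open by more than one process (here 387 on *:32768, held by inetd on fd 12 and by famd on fds 0-2). The function names are hypothetical, and the awk field positions assume the eight-column layout shown in the post, with no SIZE/OFF column.

```shell
#!/bin/sh
# Listing copied from the post above, embedded so the script runs offline.
sample_listing() {
cat <<'EOF'
portmap   207 daemon    4u  IPv4        191      TCP *:sunrpc (LISTEN)
inetd     325   root    4u  IPv4        379      TCP *:discard (LISTEN)
inetd     325   root    6u  IPv4        381      TCP *:daytime (LISTEN)
inetd     325   root    7u  IPv4        382      TCP *:time (LISTEN)
inetd     325   root   10u  IPv4        385      TCP *:smtp (LISTEN)
inetd     325   root   11u  IPv4        386      TCP *:auth (LISTEN)
inetd     325   root   12u  IPv4        387      TCP *:32768 (LISTEN)
lpd       332   root    6u  IPv4        459      TCP *:printer (LISTEN)
sshd      339   root    3u  IPv4        471      TCP *:ssh (LISTEN)
rpc.statd 450   root    6u  IPv4        609      TCP *:632 (LISTEN)
famd      533   nick    0u  IPv4        387      TCP *:32768 (LISTEN)
famd      533   nick    1u  IPv4        387      TCP *:32768 (LISTEN)
famd      533   nick    2u  IPv4        387      TCP *:32768 (LISTEN)
EOF
}

# Reads lsof lines on stdin and prints one line per distinct listening socket:
#   <address> <device> <command/pid>[,<command/pid>...]
# Assumed fields: $1 COMMAND, $2 PID, $5 TYPE, $6 DEVICE, $7 NODE, $8 NAME.
listeners_by_socket() {
    awk '
    $5 ~ /^IPv[46]$/ && $7 == "TCP" {
        key = $8 " " $6
        holder = $1 "/" $2
        if (!(key in seen)) { order[++n] = key; seen[key] = 1 }
        # Record each command/pid once, even if it holds several fds on the socket.
        if (index("," holders[key] ",", "," holder ",") == 0)
            holders[key] = (holders[key] == "" ? holder : holders[key] "," holder)
    }
    END { for (i = 1; i <= n; i++) print order[i], holders[order[i]] }
    '
}

# Only the sockets that more than one process holds open.
shared_listeners() {
    listeners_by_socket | awk '$3 ~ /,/'
}

sample_listing | shared_listeners
```

On a live system the same functions can be fed with `lsof | grep LISTEN | listeners_by_socket`, after adjusting the field numbers if the local lsof prints a SIZE/OFF column.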