Others have covered what to shut down.  Better yet, enable
ipchains/iptables, disable everything, and only enable what you need.

I also recommend using ssh/scp instead of telnet/ftp.

nick phillips said:
> all this talk of rootkits made me curious, so i did a 'lsof | grep
> LISTEN' on my athlon box and got this:
>
> portmap   207 daemon    4u  IPv4        191      TCP *:sunrpc (LISTEN)
> inetd     325   root    4u  IPv4        379      TCP *:discard (LISTEN)
> inetd     325   root    6u  IPv4        381      TCP *:daytime (LISTEN)
> inetd     325   root    7u  IPv4        382      TCP *:time (LISTEN)
> inetd     325   root   10u  IPv4        385      TCP *:smtp (LISTEN)
> inetd     325   root   11u  IPv4        386      TCP *:auth (LISTEN)
> inetd     325   root   12u  IPv4        387      TCP *:32768 (LISTEN)
> lpd       332   root    6u  IPv4        459      TCP *:printer (LISTEN)
> sshd      339   root    3u  IPv4        471      TCP *:ssh (LISTEN)
> rpc.statd 450   root    6u  IPv4        609      TCP *:632 (LISTEN) famd
>      533   nick    0u  IPv4        387      TCP *:32768 (LISTEN) famd
>   533   nick    1u  IPv4        387      TCP *:32768 (LISTEN) famd
> 533   nick    2u  IPv4        387      TCP *:32768 (LISTEN
>
> doing some googling around, it seems famd is doing some DNS stuff,
> rpc.statd is monitoring network status, and inetd is providing a bunch
> of services i don't really need -- please correct me if i'm wrong!
>
> i'm interested in learning about the potential vulnerabilities of these
> services, about which ones are really necessary and which ones i can
> turn off -- and how. could anybody point me towards a good
> online/offline resource for learning about how to protect against
> potential attacks? any leads would be appreciated.
>
> best,
> nick
>
>
>
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> http://www.mn-linux.org tclug-list at mn-linux.org
> https://mailman.real-time.com/mailman/listinfo/tclug-list




_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list