Others have covered what to shut down. Better yet, enable ipchains/iptables, disable everything, and only enable what you need. I also recommend using ssh/scp instead of telnet/ftp.

nick phillips said:
> all this talk of rootkits made me curious, so i did a 'lsof | grep
> LISTEN' on my athlon box and got this:
>
> portmap 207 daemon 4u IPv4 191 TCP *:sunrpc (LISTEN)
> inetd 325 root 4u IPv4 379 TCP *:discard (LISTEN)
> inetd 325 root 6u IPv4 381 TCP *:daytime (LISTEN)
> inetd 325 root 7u IPv4 382 TCP *:time (LISTEN)
> inetd 325 root 10u IPv4 385 TCP *:smtp (LISTEN)
> inetd 325 root 11u IPv4 386 TCP *:auth (LISTEN)
> inetd 325 root 12u IPv4 387 TCP *:32768 (LISTEN)
> lpd 332 root 6u IPv4 459 TCP *:printer (LISTEN)
> sshd 339 root 3u IPv4 471 TCP *:ssh (LISTEN)
> rpc.statd 450 root 6u IPv4 609 TCP *:632 (LISTEN)
> famd 533 nick 0u IPv4 387 TCP *:32768 (LISTEN)
> famd 533 nick 1u IPv4 387 TCP *:32768 (LISTEN)
> famd 533 nick 2u IPv4 387 TCP *:32768 (LISTEN)
>
> doing some googling around, it seems famd is doing some DNS stuff,
> rpc.statd is monitoring network status, and inetd is providing a bunch
> of services i don't really need -- please correct me if i'm wrong!
>
> i'm interested in learning about the potential vulnerabilities of these
> services, about which ones are really necessary and which ones i can
> turn off -- and how. could anybody point me towards a good
> online/offline resource for learning about how to protect against
> potential attacks? any leads would be appreciated.
>
> best,
> nick
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> http://www.mn-linux.org tclug-list at mn-linux.org
> https://mailman.real-time.com/mailman/listinfo/tclug-list
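
An added example, not part of either post: a shell function that reads `lsof | grep LISTEN` output like the listing quoted above and reports every listener that is not on an allowlist, in the spirit of "only enable what you need". The function names and the allowlist contents are assumptions; the sample input is the listing from the quoted post.

```shell
#!/bin/sh
# Added example: audit listening sockets against an allowlist.
# $1 is a space-separated list of allowed ports or service names
# (hypothetical policy; adjust to the services you actually need).
# Prints "command user port" once for each listener not on the list.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "(LISTEN)" {
            port = $(NF - 1)          # address column, e.g. *:sunrpc
            sub(/^.*:/, "", port)     # keep what follows the last colon
            if (port in ok) next      # allowed service, nothing to report
            key = $1 " " $3 " " port  # one report line per command/user/port
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Sample input: the listing from the quoted post.
sample_lsof() {
    cat <<'EOF'
portmap 207 daemon 4u IPv4 191 TCP *:sunrpc (LISTEN)
inetd 325 root 4u IPv4 379 TCP *:discard (LISTEN)
inetd 325 root 6u IPv4 381 TCP *:daytime (LISTEN)
inetd 325 root 7u IPv4 382 TCP *:time (LISTEN)
inetd 325 root 10u IPv4 385 TCP *:smtp (LISTEN)
inetd 325 root 11u IPv4 386 TCP *:auth (LISTEN)
inetd 325 root 12u IPv4 387 TCP *:32768 (LISTEN)
lpd 332 root 6u IPv4 459 TCP *:printer (LISTEN)
sshd 339 root 3u IPv4 471 TCP *:ssh (LISTEN)
rpc.statd 450 root 6u IPv4 609 TCP *:632 (LISTEN)
famd 533 nick 0u IPv4 387 TCP *:32768 (LISTEN)
famd 533 nick 1u IPv4 387 TCP *:32768 (LISTEN)
famd 533 nick 2u IPv4 387 TCP *:32768 (LISTEN)
EOF
}

# With only ssh allowed, everything else in the listing is reported.
sample_lsof | unexpected_listeners "ssh"
```

On a live system, pipe `lsof | grep LISTEN` into `unexpected_listeners` in place of `sample_lsof`; each reported line is a candidate to disable or to block at the firewall.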