every distro of linux you get, when you do a fresh install, has all it's ports open and everything. You have to go and close them, to how you want them. While many newbies don't know about this, they're getting hacked, and they find that out, and they quit linux.

Wouldn't it be so much smarter to sell a distro that comes where you have to open the ports you want, or something like that? that way you don't have any extra ones open... on a normal install of linux, i find i have sendmail, finger, talk, time, auth, pop3, telnet, http, ftp, and a few others open... on my server i may run a few more than others, but for newbies, they might just want a couple, so why do we leave them all open?

I was wondering if anyone could explain this to me... or if anyone else had ever thought about this..

I agree its silly. What newbie would want an FTP server open before (s)he's figured out what firewall even is? <shrugs>

I think it depends upon the distro and the install. I have Debian potato, and when I installed, I took the base system + Xfree86 and C/C++ tools. So I do not have a ftpd telnetd sshd httpd inetd etc running for nothin.

I have Mandrake 7.2 and ran several probes at web sites and I came up "closed". I have since added a firewall and ran the same tests and now come back "stealth"

I wouldnt give the "web-tests" much... Get nmap from freshmeat and scan your own machine instead. It will show everything.

Originally posted by Letalis:
I wouldnt give the "web-tests" much... Get nmap from freshmeat and scan your own machine instead. It will show everything.

I got nmap running and scanned my IP address
(ports 1-65535)
I have one port open
(port 6000/TCP - service/X11)
How do I close this or can I close this?

Thanks!

Originally posted by dhaze:
I got nmap running and scanned my IP address
(ports 1-65535)
I have one port open
(port 6000/TCP - service/X11)
How do I close this or can I close this?

Thanks!



Run from the console instead of X

X has to have a port open....(I believe..though I could be wrong...)



------------------
http://www.tinyminds.f2s.com
SlackHacks Forums (http://www.slackhacks.f2s.com/cgi-bin/ikonboard.cgi)

Mangeli is correct, X has to have a port open. I think that FreeBSD is the most secure distro right out of the box. You hardly ever hear of a hack for thier distro. Other than that, run PMFirewall with Portsentry backup and logcheck. If they get through all of that, they are a little bit more than the average skript kiddie. I have my portsentry setup so that if anyone gets through pmfirewall and connects to a tripwired port, it executes a shell script that plays a wav from startrek (red alert http://www.linuxnewbie.org/ubb/smile.gif)
and then runs a traceroute on the ip and logs it to a file. But, FreeBSD is the most secure.

------------------
---Meddle not in the affairs of Dragons, for thou art but a snack, and tasty with ketchup---
Http://www.geocities.com/mountainmancentral

Originally posted by dhaze:
I got nmap running and scanned my IP address
(ports 1-65535)
I have one port open
(port 6000/TCP - service/X11)
How do I close this or can I close this?

Thanks!


With ipchains http://www.linuxnewbie.org/ubb/biggrin.gif

Andrzej

As it has been said in the past, LINUX was not made for the newbie in mind. Thats why it is up to us as a whole to help the newbie get their system straight and prtected until they are able to walk on their own. Thanks to the people here and other linux friends I have learn a whole deal about linux to the point that I have made it my career and the best part about it.... get paid for it.... hehehe.... That brings me to this point, Thank you everybody for aall the help you have provided in helping me and the others. This place is a great place to read, learn, post, and review. If it wasnt for me finding this place I wouldnt be as far as I am today with LINUX.

Again thank you

Sokertes

------------------
I wasn't born with enough middle fingers

Life is hell til you find LINUX, then your beyond heavan

Originally posted by dhaze:
I got nmap running and scanned my IP address
(ports 1-65535)
I have one port open
(port 6000/TCP - service/X11)
How do I close this or can I close this?

Thanks!

Just do:
echo "exec X -nolisten tcp" > /etc/X11/xinit/serverrc

Or, at least, that's what I would do (I'm running X 4.0.2, so it may be different for X 3.x)