On Sat, 2004-07-24 at 20:47, John Dangler wrote: > -----Original Message----- > From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] > On Behalf Of Chris Hewitt > Sent: Saturday, July 24, 2004 3:06 PM > To: For users of Fedora Core releases > Subject: Re: Open ports on FC2 > > On Sat, 2004-07-24 at 19:30, John Dangler wrote: > > I went to the ShieldsUP!!! site and ran the file sharing and common ports > > tests. According to the results, I allowed ping to reply to their server > > via ICMP echo, and I have port 21 (ftp) and 23 (telnet) open. How do I: > > > > (1) block/ignore ICMP echo requests > > (2) Tell inquirers that ports 21 and 23 exist but are closed to > connections > > John, > > >Unless you need ftp and telnet, I suggest you shut them down: > I don't > >service vsftpd stop > vsftpd isn't running (nor is any other ftp service) > > >Telnet is part of the xinetd super-server. Edit /etc/xinetd.d/telnet and > >change the line: > >disable = no > >to > >disable = yes > > > I don't have a 'telnet' file in /etc/xinetd.d > > >You can check open ports by doing: > >nmap localhost > > nmap localhost reveals: > 22/tcp open SSH > 25/tcp open smtp > 111/tcp open rpcbind > 631/tcp open ipp > 3306/tcp open mysql > 32770/tcp open sometimes-rpc3 > 32771/tcp open sometimes-rpc5 > > Nmap run completed -- 1 IP address (1 host up) scanned in 1.433 seconds The nmap list differs from the ShieldsUP site if it reported ports 21 and 23 with servers on. This accounts for vsftpd not running and presumably you did not install telnet as you do not have a /etc/xinetd.d/telnet file (so it cannot be running). There is another thread presently discussing SSH, its worth reading. Again, if you do not need it I suggest you turn it off: service sshd stop chkconfig --level 345 sshd off I think MySQL can be configured to use internal unix sockets so unless external users need to get at MySQL directly it can be turned off. The others I do not know about, perhaps someone more knowledgeable on the list would answer. HTH Chris
