On Mon, 25 Aug 2003, Thomas Vander Stichele wrote:
On Mon, 2003-08-25 at 13:50, rhldevel(a)assursys.co.uk wrote:
> 111/tcp open sunrpc
> 111/udp open sunrpc
both are necessary for NFS mounts to work, since these requests go
Sure, but no NFS mounts were configured on install. Perhaps anaconda
should parse /etc/fstab if an upgrade install is being performed to
determine whether portmap is likely to be necessary or not.
> 1010/udp open unknown
check with netstat to see what is running here, have no idea.
rpc.statd. See above.
> 6000/tcp open X11
AFAIK this doesn't mean anyone can connect; there's still a lot of X
authority stuff to get through (specifically, the X runner needs to
authorize outside connections).
I'm thinking in terms of DoS and zombies-via-buffer-overflow of the X server
(which is running with root privs, too, of course). Any listening service is
a potential risk, even if it requires authentication before it can be used
in the "normal" way.
I think this setup is pretty safe :) What exactly do you not trust ?
Everyone and everything, but that's a topic for another thread entirely. ;-)