05-24-2002
Turn all of those off.
chargen provides a very quick and easy denial of service attack against you. The rest are just plain not needed. A good security rule is to not allow anything to run that is not necessary.
Under most circumstances, I simply turn inetd / xinetd off altogether. I don't run any servers on my home machines.
If I want to be able to connect to my machine internally via network, but leave the outside (public network) closed up, I use xinetd, since you can bind to an interface.
Even a service as benign as ntpd (as discussed below) can wreak havoc if someone wants to mess with you. Say, for example, you set it up insecurely... Any person can spoof their way into tricking your machine into thinking it's another time, or even another day. Next thing you know your cron jobs are all messed up, they may be able to create / modify files on your machine (should they break in) that have different dates / times, etc...
If you're going to run a firewall, the ideal situation (assuming that this box can be dedicated to only that) would be to turn off everything. Allow console access only, no remote services, just IP forwarding. A Unix like OpenBSD works great for this, since it installs pretty bare by default.
There are a few good books out there on building firewalls. It might be a good idea to invest a few bucks in one.
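
An audit of the xinetd setup described in the post above, as an added example that is not part of the original post: it lists each service as disabled or enabled, and for enabled ones shows whether xinetd's `bind` (or its synonym `interface`) restricts it to one address. The sample configuration, the address in it and the `audit_xinetd` function name are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit xinetd service definitions (not from the original post).
# SAMPLE_CONF is constructed for illustration; the address is a placeholder.
SAMPLE_CONF='
service chargen
{
    type        = INTERNAL
    socket_type = stream
    wait        = no
    user        = root
    disable     = no
}
service ftp
{
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.ftpd
    bind        = 192.168.1.10
}
service telnet
{
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
    disable     = yes
}
'

# audit_xinetd: read xinetd configuration on stdin and print one line per
# service: "<name> disabled", "<name> enabled bind=<addr>", or
# "<name> enabled bind=ALL" when the service listens on every interface.
audit_xinetd() {
    awk '
        $1 ~ /^#/        { next }                        # skip comment lines
        $1 == "service"  { name = $2; bind = "ALL"; off = 0; next }
        $1 == "disable" && $3 == "yes"       { off = 1 }
        $1 == "bind" || $1 == "interface"    { bind = $3 }
        $1 == "}" && name != "" {
            if (off) print name, "disabled"
            else     print name, "enabled bind=" bind
            name = ""                        # ignore non-service blocks
        }
    '
}

printf '%s\n' "$SAMPLE_CONF" | audit_xinetd
```

On a real host, feed it `/etc/xinetd.conf` and the files under `/etc/xinetd.d/`; any line ending in `bind=ALL` is a service reachable from every interface, and an enabled chargen is one to switch off.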