[lug] Firewall / Lockdown questions
dio2002 at indra.com
Wed Aug 1 01:35:47 MDT 2007
>
> On Jul 31, 2007, at 8:21 PM, Brad Crotchett wrote:
>
>> On Tue, 2007-07-31 at 18:52 -0600, dio2002 at indra.com wrote:
>>
>>> Is there a way to confirm using netstat on localhost that smtp /
>>> 25 is
>>> ONLY ACCEPTING on 127.0.0.1 versus accepting on 0.0.0.0? I'm
>>> thinking
>>> there is a way to confirm this functionality on the box without
>>> having to
>>> issue a command over the network from a separate box. just not
>>> sure how?
>>
>> 'netstat -an' should show you what local address a service is
>> listening
>> on.
>
> Yes, but listening daemons can listen for incoming from anything and
> then reject connections from specific addresses. That's what he was
> asking was if you could see at the OS level what the application
> layer will reject.
>
> The answer is, of course, no. When security restrictions are handled
> at the application, all the OS knows is that the daemon is listening
> for connections on a port number. The OS doesn't know that the
> daemon will disconnect anyone coming in from a blacklisted address.
In my case, Brad's suggestion actually works because my smtp is only
listening on 127.0.0.1, which was the main thing I needed to verify. For
services that listen on interfaces exposed to the internet, what you say
is true. I guess you have to close it down in the service's config or via
firewall and then bang on the connection from the outside with nmap and
the like.
thanks
>
> --
> Nate Duehr
> nate at natetech.com
>
>
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
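Below is an added example (not code from anyone in the thread) that does the local check Brad describes in a repeatable way: it reads Linux `netstat -an` output and reports whether a given TCP port is bound to loopback only, to the wildcard address, or to one specific interface address. The `netstat` sample embedded in the script is constructed for the example, not captured from a real host; the column layout it assumes (Proto, Recv-Q, Send-Q, Local Address, Foreign Address, State) is the Linux net-tools one, so `ss -ltn` output would need its own parser.

```shell
#!/bin/sh
# listen_scope NETSTAT_OUTPUT PORT
# Classifies how TCP port PORT is bound, given `netstat -an` (Linux
# net-tools layout) output as the first argument. Prints one of:
#   loopback         only 127.0.0.1 / ::1 listeners
#   wildcard         0.0.0.0, :: or * (reachable on every interface)
#   specific:<addr>  a single non-loopback address
#   mixed            more than one kind of listener on that port
#   none             nothing in LISTEN state on that port
listen_scope() {
    _netstat_out="$1"
    _port="$2"
    printf '%s\n' "$_netstat_out" | awk -v port="$_port" '
        # Only tcp/tcp6 rows in LISTEN state matter; column 4 is local addr:port.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, f, ":")
            if (f[n] != port) next
            # Strip the trailing ":port" so IPv6 forms like ":::80" keep "::".
            addr = substr($4, 1, length($4) - length(f[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1")
                kind = "loopback"
            else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                kind = "wildcard"
            else
                kind = "specific:" addr
            seen[kind] = 1
        }
        END {
            count = 0
            for (k in seen) { count++; last = k }
            if (count == 0)      print "none"
            else if (count == 1) print last
            else                 print "mixed"
        }'
}

# loopback_only NETSTAT_OUTPUT PORT: exit 0 when the port is bound to loopback
# only, 1 otherwise; handy as a guard in a hardening script.
loopback_only() {
    [ "$(listen_scope "$1" "$2")" = "loopback" ]
}

# Constructed sample of Linux `netstat -an` output (not from a real host):
# smtp on loopback only, sshd on the wildcard address, a web server on the
# IPv6 wildcard, and postgres bound to one LAN address.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 192.168.1.10:5432       0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:5432       192.168.1.20:40112      ESTABLISHED'

# Stand-alone demo over the sample. On a real host replace "$SAMPLE_NETSTAT"
# with "$(netstat -an)".
for p in 25 22 80 5432 3306; do
    printf 'port %-5s %s\n' "$p" "$(listen_scope "$SAMPLE_NETSTAT" "$p")"
done
```

This answers only the question the OS can answer: which address the socket is bound to. A "wildcard" or "specific" result says nothing about what the daemon will do after accept(), which is Nate's point; a sendmail or Postfix relay restriction, or a tcp_wrappers rule, is invisible here. For those listeners the confirmation is still a probe from another host (for example `nmap -p 25 <host>`) after the firewall or service config has been tightened.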