re: security and results of netstat probe

ergo_sum · 11-15-2003, 09:26 AM

Hello All:

In acknowledgement of what I don't know (and paranoia) I did a:

netstat -an | grep LISTEN

and obtained the following:

tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:32769 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5180 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 1427 /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 2240 /tmp/ksocket-root/kdein it-:0
unix 2 [ ACC ] STREAM LISTENING 1626 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 1481 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 1952 /tmp/.ICE-unix/dcop1179 -1068909301
unix 2 [ ACC ] STREAM LISTENING 2067 /tmp/.ICE-unix/1207
unix 2 [ ACC ] STREAM LISTENING 1945 /tmp/ksocket-elsteamola /kdeinit-:0
unix 2 [ ACC ] STREAM LISTENING 1976 /tmp/ksocket-elsteamola /klauncherjvTZva.slave-socket
unix 2 [ ACC ] STREAM LISTENING 2267 /tmp/ksocket-root/klaun cherpHSvdc.slave-socket
unix 2 [ ACC ] STREAM LISTENING 2245 /tmp/.ICE-unix/dcop1235 -1068909352
unix 2 [ ACC ] STREAM LISTENING 2045 /tmp/mcop-elsteamola/lo

please tell me I have nothing major to worry about. Specifically, what is /tmp/ksocket-root/klaun????

ergo_sum

TheOther1 · 11-15-2003, 11:35 AM

Check here for common ports. As for klaun, looks like a KDE Launcher type listner. If your firewall is configured not to accept any external traffic on those ports, you should be OK. Are you running KDE as your desktop?

ergo_sum · 11-15-2003, 03:19 PM

Let me ask some more questions here.
I'm using regular dialup w/ my isp, which is using dhcp for assigning tcp/ip addresses. Can I still configure a firewall and use it in a way that won't be obtrusive for me? On RH 7.3, what exactly is the firewall called?

ergo_sum

TheOther1 · 11-15-2003, 04:09 PM

Sure you can.

Run this for the details on ipchains (the firewall):

man ipchains

There are many firewall builders out there, I like this one

ergo_sum · 11-15-2003, 06:25 PM

Doesn't the distro come w/ a firewall, and isn't ipchains a firewall itself?

TheOther1 · 11-15-2003, 06:34 PM

Yes, ipchains is a firewall. fwbuilder makes it VERY easy to configure complex firewall rules. You can do it from the command line, if you would prefer. I just like the GUI.