When someone wants a reinstall of their Linux, let's say Red Hat, and security issues came out (exploits, bugs, etc.). So they got their system configured after the reinstall and connect to the net, but he/she has to get those security issues patched up. Does this mean this person can get hacked before he gets to his security patches, and updates his system?
If so what can they do?
I also wanted to know what range of ports I shall use when I scan myself with Nessus: 1-1500, or is the default better?
>Does this mean this person can get hacked before he gets to his security patches, and updates his system?
Yes. If there are remote vulnerabilities in that version of Linux, then your reinstall will be vulnerable until you patch them.
>If so what can they do?
If you're really worried about getting hacked, you can download the errata on a secure machine and then transfer it to the reinstalled machine on some type of media (floppy, ZIP, CD-RW). To be honest with you though, the likelihood of getting hacked in the 15-20 minutes it takes to install the patches isn't really that high, so if you're willing to chance it, you'll probably be alright. But if security is important, it might be something worth thinking about.
To make this more clear, this definitely isn't a time issue, apart from host/vulnerable services discovery, but the *amount* of services you run while performing an update. If you turn off all network-facing services you don't need for updating (that's all services in listening state apart from your IDS) and set your firewall to a default policy of DENY and only allow initiating/established connections to your gw, DNS and the .redhat.com hosts, chances are zero your box can be cracked that way.
As with all packages you install/upgrade, please inspect them and verify the GPG signature.
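One way to express the default-DENY update window described in the reply above, as an added example that is not part of the original thread: a POSIX shell function that prints an `iptables-restore` ruleset. The function names and the addresses passed to it are assumptions, as is the use of iptables with the `state` match and update servers reached over ports 80/443.

```sh
#!/bin/sh
# Added example, not from the thread. Addresses used with it are constructed.

# is_ipv4 ADDR: succeed only for a dotted-quad address. Hostnames are refused
# because iptables resolves names once, at load time, which needs the DNS
# access this ruleset has not yet granted.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# update_window_rules DNS_IP UPDATE_HOST_IP...
# Prints an iptables-restore filter table: default DROP on every chain,
# loopback allowed, replies to connections this host started allowed, and
# new outbound connections only to the resolver and the update hosts.
# No rule names the gateway: routed packets carry the final destination.
update_window_rules() {
    [ $# -ge 2 ] || { echo "usage: update_window_rules DNS_IP HOST_IP..." >&2; return 2; }
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    done
    dns_ip=$1
    shift
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp -d $dns_ip --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -d $dns_ip --dport 53 -m state --state NEW -j ACCEPT
EOF
    for host in "$@"; do
        echo "-A OUTPUT -p tcp -d $host -m multiport --dports 80,443 -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}
```

Review the printed rules, then load them as root by piping the output to `iptables-restore`. Because the rules pin fixed addresses, look up the update servers' addresses before the policy is applied.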