<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2448.0">
<TITLE>RE: Red Hat & Solaris port security</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>Many applications reference the services file to determine what port to run on. Depending on the app it may not start properly without a defined port in the services directory. Perhaps a better idea would be to change the port numbers on those ports to a certain range that you would monitor and if those ports became active you would be notified of someone being unfriendly on your box. I am not sure what he plans to kill -HUP. If you are getting that paranoid I would assume that your inetd.conf file was long ago configured without those services running. </FONT></P>
<P><FONT SIZE=2>> -----Original Message-----</FONT>
<BR><FONT SIZE=2>> From: Truman Boyes [<A HREF="mailto:truman@RESEARCH.SUSPICIOUS.ORG">mailto:truman@RESEARCH.SUSPICIOUS.ORG</A>]</FONT>
<BR><FONT SIZE=2>> Sent: Tuesday, May 09, 2000 3:39 PM</FONT>
<BR><FONT SIZE=2>> To: VPN@SECURITYFOCUS.COM</FONT>
<BR><FONT SIZE=2>> Subject: Re: Red Hat & Solaris port security</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> On Mon, 8 May 2000, Jose Muniz wrote:</FONT>
<BR><FONT SIZE=2>> > Then you can also if you are a bit more paranoid, which you </FONT>
<BR><FONT SIZE=2>> should be then</FONT>
<BR><FONT SIZE=2>> > you comment</FONT>
<BR><FONT SIZE=2>> > the port to services lines on /etc/services.</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > And then you kill -HUP the process.</FONT>
<BR><FONT SIZE=2>> > Jose Muniz.</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> Hi,</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> I do not see how editing the ports on /etc/services </FONT>
<BR><FONT SIZE=2>> adds any more</FONT>
<BR><FONT SIZE=2>> security to your machine. It is just a table of services to </FONT>
<BR><FONT SIZE=2>> ports... At</FONT>
<BR><FONT SIZE=2>> the most, commenting those lines out would just prevent you from</FONT>
<BR><FONT SIZE=2>> accidentally referencing those service names in your firewall</FONT>
<BR><FONT SIZE=2>> configs. Is there something I am not getting about that file, </FONT>
<BR><FONT SIZE=2>> that would</FONT>
<BR><FONT SIZE=2>> have an effect on security ?</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> .truman.boyes.</FONT>
<BR><FONT SIZE=2>> --------------</FONT>
<BR><FONT SIZE=2>> www.suspicious.org</FONT>
<BR><FONT SIZE=2>> </FONT>
<BR><FONT SIZE=2>> VPN is sponsored by SecurityFocus.COM</FONT>
<BR><FONT SIZE=2>> </FONT>
</P>
<CODE><FONT SIZE=3><BR>
<BR>
***********************************************************************<BR>
Gruntal & Co., L.L.C.'s e-mail system is for business purposes only. <BR>
Messages are not confidential. All e-mail may be reviewed by <BR>
authorized supervisors, compliance or internal audit personnel.<BR>
E-mail will be archived for at least three years and may be produced <BR>
to regulatory agencies or others with a legal right to access such<BR>
information. Gruntal will not accept trade order instructions via<BR>
e-mail. Please telephone your Account Executive to place trade orders.<BR>
<BR>
Gruntal & Co., L.L.C.<BR>
***********************************************************************<BR>
</FONT></CODE></BODY>
</HTML>