Topic: Public or Private

[buddy]

Why are my ftp and telnet ports open to the intermet if I have chosen to have them closed with the web based user manager? Is this software buggy or am I not understanding something? Any help would be appreciated.

Buddy

[Gerald]

What version of e-smith?

[Charlie Brady]

buddy wrote:

> Why are my ftp and telnet ports open to the intermet if I have
> chosen to have them closed with the web based user manager? Is
> this software buggy or am I not understanding something?

I assume that you are using some scanning software to identify open ports. What you are discovering is that the scanning software is able to create a TCP connection to those ports. What your scanning software is not telling you is that the connection is dropped immediately, because the source address of the connection is not authorised, according to the access control file /etc/hosts.allow. You can verify this by attempting to connect using a telnet or ftp client.

You can learn more about the access control daemon by doing "man hosts.allow" and "man tcpd" from the command line.

If you have evidence that there is a bug in the software, especially if it is security related, please send email to bugs@e-smith.com rather than post a public notice.

Regards

Charlie

[buddy]

Charlie ,
 Thank you very much. I was concerned because of www.grc.com and the portprobe test they offer.... I am just learning Linux and didnt want to make any mistakes.

Buddy

[buddy]

even if this is true .....doesnt the ports being open create a security risk?

[Gordon Rowell]

buddy wrote:

> even if this is true .....doesnt the ports being open create a
> security risk?

No. False positives are a common problem with web based tests.

Having a port available doesn't mean you can use it.

Gordon