Re: firewall question

From: Tom Emerson (x_at_y.z.com)
Date: 05/12/04


Date: Wed, 12 May 2004 02:40:56 GMT

mikko heikkinen wrote:

> kalev- wrote:
>
>> Simply _disable_ the sshd.
>> Yast2->System-> Runlevel Editor.
>
> thank you, that was simple.
>
> now, please tell me that I didn't disable something that needs to run ?

Not likely, unless you have a reason or desire to access your system while
"on the road". ssh stands for "secure shell", and is basically an
encrypted form of telnet [this is an oversimplification, but suffices for
this discussion]. The advantage, of course, is that it is encrypted right
from the start, so (presumably) people "snooping" your cable/dsl/phone line
cannot watch for a login and gain your root (or regular user) password.

> just checking :) as I have no prior experience with suse and just wanted
> to be sure some application won't complain or some update won't run..

Basically, process names ending in "...d" indicate some form of "daemon", or
continuous process, that provides a "service" to people using the computer.
These daemons can be the ultimate in simplicity [the "echo" server, for
instance, or chargen] or complex all-resource-consuming beasts like web,
database, and similar servers (or even clients, such as seti@home).

The command "netstat -a --tcp" will show you what "servers" are listening,
and the command "netstat -an --tcp" shows the same things but without the
semi-confusing "name" of the service.

Some common services include:

   ipp (631): internet printing protocol, better known as "cups" nowadays.
   You can actually point a browser to http://localhost:631 and "administer"
   any printers you have connected.

   netbios (135/139 and friends): Microsoft's networking stuff [known to
   linux folks as "samba"]. Useful if you actually have to "interoperate" with
   windows machines on a network, otherwise turn it off.

   smtp (25): simple mail transport protocol. This is how your system sends
   e-mails either to you (from other daemon processes, such as cron) or for
   you to "other systems" [providing you've set your system up to act as a
   hub]. This pretty much has to be running all the time, but you want to/need
   to make sure that it only listens to the "inside" of your network (i.e.,
   192.168.x.x) or your own machine (127.0.0.1).
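
Added example, not part of the original post: a small filter for the "netstat -an --tcp" output mentioned above that sorts listening sockets by the address they are bound to, so a service listening on every interface stands out from one bound to 127.0.0.1 or 192.168.x.x. The function names and the sample listing are constructed for illustration; the 10.x and 172.16-31.x private ranges are a generalization beyond the 192.168.x.x case in the post.

```shell
#!/bin/sh
# Added example: classify TCP listeners by the address they are bound to.
# Reads `netstat -an --tcp` output on stdin and prints "<class> <port> <addr>":
#   ALL       every interface (0.0.0.0, :: or *), reachable from outside
#   LOOPBACK  this machine only (127.x.x.x or ::1)
#   PRIVATE   an RFC 1918 "inside" address such as 192.168.x.x
#   OTHER     one specific non-private address
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, parts, ":")
        port = parts[n]
        # Everything before the final ":port" is the bind address.
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            kind = "ALL"
        else if (addr ~ /^127\./ || addr == "::1")
            kind = "LOOPBACK"
        else if (addr ~ /^192\.168\./ || addr ~ /^10\./ ||
                 addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./)
            kind = "PRIVATE"
        else
            kind = "OTHER"
        print kind, port, addr
    }'
}

# Constructed sample listing (not captured from a real machine).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:139        0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.20:51234      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# On a live system: netstat -an --tcp | classify_listeners
sample_netstat | classify_listeners
```

In the sample, smtp on port 25 comes out as ALL, which is the case the post says to check for: it should show up as LOOPBACK or PRIVATE instead.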


