[lug] Netstat (newbie)

Michael Deck deckm at cleansoft.com
Tue Aug 1 19:44:12 MDT 2000

At 05:55 PM 8/1/00 -0700, Jeffrey B. Siegal wrote:
>Michael Deck wrote:
> > Every once in a while, following these flame-wars teaches me something. I went right in and did a netstat -an and there is a listener whose IP address I don't recognize. What does this mean? There are several relevant entries:
>I'm not sure about the IP addresses, but from the ports I'm almost
>certain you are running a samba server.  

It is a file server located behind a firewall. I was interested in whether anyone might be poking through my firewall.

>Whether or not this is what you
>want is up to you.  (Of course, if we're talking about a firewall, you
>almost certainly *don't* want it.)

Why is that? Apart from the general guidance that you don't want anything running on the firewall machine besides the firewall. I make some of the drives on my firewalling box available via Samba to other machines on my internal net so that I can e.g. update web pages etc. Is your advice entirely the result of a belief that "anything can have security holes, the more stuff you have running the more security holes" or do you have specific knowledge of Samba problems? 


Michael Deck
Cleanroom Software Engineering, Inc.   

More information about the LUG mailing list