Web lists-archives.com

Re: netstat




	Hi.

On Fri, Sep 21, 2018 at 01:52:00PM -0400, rhkramer@xxxxxxxxx wrote:
> On Friday, September 21, 2018 08:55:21 AM Henning Follmann wrote:
> > Run a netstat -t -l and you will see there is nothing listening. So what is
> > the point of running a firewall?
> 
> I'm not the OP, but I decided to play along and run:
> 
> <quote>
> root@s19:~# netstat -t -l
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State      
> tcp        0      0 localhost:smtp          *:*                     LISTEN     
> tcp        0      0 *:microsoft-ds          *:*                     LISTEN     
> tcp        0      0 *:netbios-ssn           *:*                     LISTEN     
> tcp        0      0 *:53647                 *:*                     LISTEN     
> tcp        0      0 *:sunrpc                *:*                     LISTEN     
> tcp        0      0 localhost:ipp           *:*                     LISTEN     
> </quote>
> 
> (This on my wheezy system.)
> 
> What is that telling me

You have exim (most probably), samba, nfs portmapper and CUPS running.
And that thing (whatever it is) which is listening tcp:53647.

samba, portmapper and that 53647 thing are listening on all interfaces,
i.e. are reachable from outside of your host. Unless a packet filter
intervenes, that is.

And, of course, that is TCP only, there can be processes listening UDP
sockets too.

Btw consider using 'ss -nptl' or 'netstat -nptl' for a more meaningful
result.

> and should I be worried.

No, assuming that you're:

1) Using only Debian-provided software.
2) Installed and started Samba intentionally.
3) Do not intend to provide SMB to all the Internet.

Reco