A TCP connection
provides error detection and retransmission of lost data. UDP doesn't check to ensure that the
data arrived complete and intact; it is meant as a fast way to send noncritical information.
Running the Show Part II
Disabling Network Services
Although there are hundreds of services (with official port numbers listed in /etc/services)
that potentially could be available and subject to attack on your Linux system, in reality only a few
dozen services are installed and only a handful of those are on by default. In Fedora and RHEL
systems, most network services are started by either the xinetd process or by a start-up script in
the /etc/init.d directory. Other Linux systems use the inetd process instead of xinetd.
xinetd and inetd are daemons that listen on a large number of network ports. When a
connection is made to a particular port number, xinetd or inetd automatically starts the appropriate
program for that service and hands the connection to it.
For xinetd, the configuration file /etc/xinetd.conf is used to provide default settings for the
xinetd server. The directory /etc/xinetd.d contains files that tell xinetd what ports to listen on
and what programs to start (the inetd daemon, alternatively, uses only the /etc/inetd.
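
An audit of the /etc/xinetd.d layout described above, written as an added example (not code from the book): it lists every service block that xinetd would still start on demand. The `disable` and `server` attributes and xinetd's skipping of file names that contain a dot or end in a tilde are standard xinetd behavior not spelled out in this excerpt; the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# One "service <name> { ... }" block; the brace usually sits on its own line.
SERVICE_BLOCK = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)

SAMPLES = {  # constructed file contents, not taken from a real system
    "telnet": "service telnet\n{\n\tdisable = no\n\tserver = /usr/sbin/in.telnetd\n}\n",
    "rsync": "# off\nservice rsync\n{\n\tdisable = yes\n\tserver = /usr/bin/rsync\n}\n",
    "time-stream": "service time\n{\n\ttype = INTERNAL\n\tsocket_type = stream\n}\n",
    "telnet.rpmsave": "service telnet\n{\n\tdisable = no\n\tserver = /old/in.telnetd\n}\n",
}

def parse_services(text):
    """Return {service_name: {attribute: value}} for every service block."""
    # Drop comment lines, which start with '#'.
    text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    services = {}
    for name, body in SERVICE_BLOCK.findall(text):
        attrs = {}
        for line in body.splitlines():
            key, sep, value = line.partition("=")
            if sep:  # also accepts the "+=" and "-=" assignment forms
                attrs[key.strip().rstrip("+-").strip()] = value.strip()
        services[name] = attrs
    return services

def enabled_services(conf_dir):
    """List (file, service, server) for services xinetd would start on demand."""
    found = []
    for path in sorted(Path(conf_dir).iterdir()):
        # xinetd ignores included files with a dot in the name or a trailing '~'.
        if not path.is_file() or "." in path.name or path.name.endswith("~"):
            continue
        for name, attrs in parse_services(path.read_text()).items():
            # A block without "disable = yes" is active: absence means enabled.
            if attrs.get("disable", "no").lower() != "yes":
                found.append((path.name, name, attrs.get("server", "(internal)")))
    return found

def build_sample_dir():
    """Write the constructed samples into a temporary directory."""
    d = Path(tempfile.mkdtemp())
    for name, text in SAMPLES.items():
        (d / name).write_text(text)
    return d

if __name__ == "__main__":
    for fname, svc, server in enabled_services(build_sample_dir()):
        print(f"{fname}: service {svc} is enabled -> {server}")
```

On a real host, pass `/etc/xinetd.d` to `enabled_services()`; a block with no `disable` line is reported as enabled, which is the case a plain search for `disable = no` misses.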