Hiyas folks,

i just installed redhat 7.2 and was wondering with that install(I did a workstation class install) is there any servers that were installed on my system that would leave me vuneralble to security threats?Also theres a nuke for IRC that allows someone to send an unprotocol error packet to the victim with the IRC server as the apperant sender that would reset the victims connection to that server, My question is would linux be exploitable this way?

Answer to that question is yes.
type netstat -l and see all the ports listening for connections.

Anyone of these ports could have a security issue just waiting to happen.

What you need to do is decided which ones you don't use and remove them, then decide if the ones you do use can be used from one fixed IP address or does the whole world need to see it like IRC.

This is where you put up a firewall or use simple tcp wrappers in hosts.allow and hosts.deny.

Answering your question on that kiddy nuke thing.
It's not going to work if you set your firewall not to respond to ICMP type 3 errors, the only problem with this is if your network connection goes down external connection won't know about it and keep retrying your IP address.

Also due to this nuke using ICMP messages as its DOS attack, it's still part of TCP so they have to guess the sequencer number of the IRC client connected to the socket.

On NT 4.0 easy on Linux just about imposable.
The Linux stack is using random positive increments, not time dependent sequenced numbers.

Best advice is put up a firewall.
/Raz

I've always found -p useful on netstat. If you run it as root, it can help you identify exactly which daemon to turn off.