Answer to that question is yes.
type netstat -l and see all the ports listening for connections.
Anyone of these ports could have a security issue just waiting to happen.
What you need to do is decided which ones you don't use and remove them, then decide if the ones you do use can be used from one fixed IP address or does the whole world need to see it like IRC.
This is where you put up a firewall or use simple tcp wrappers in hosts.allow and hosts.deny.
Answering your question on that kiddy nuke thing.
It's not going to work if you set your firewall not to respond to ICMP type 3 errors, the only problem with this is if your network connection goes down external connection won't know about it and keep retrying your IP address.
Also due to this nuke using ICMP messages as its DOS attack, it's still part of TCP so they have to guess the sequencer number of the IRC client connected to the socket.
On NT 4.0 easy on Linux just about imposable.
The Linux stack is using random positive increments, not time dependent sequenced numbers.
Best advice is put up a firewall.
/Raz
|