At the risk of sounding stupid I was wondering if I really need a firewall. What I have is a standalone box that will be used as a backup dns server. It does not have telnet, ftp, mail, etc ... so there are no other ports open. This made me wonder what ipchians would actually do for me as all it would be doing is blocking access to closed ports, port 53 would still be unrestricted.

It certainly wouldn't hurt to have one...especially if the machine is "mission critical", as DNS and backup DNS servers are...

since you are not running any telnet/ssh types of terminal emulation daemons, this probably means you have a monitor conected to this DNS box, am i right?

now, if you run X on this box, youre opening up port 6000, unprotected, leaving your machine vulnerable to attacks.

you also have to remember about all those 3|337 5c2iP7 /<iDDi35 out there, who might decide to DDoS your DNS with spoofed ICMP echo-requests (ping flood)... in my opinion, you can never have too much security. :)

Life is funny sometimes, just as I am asking what could be considered (by myself) a stupid question about firewalls, I discover that a server I take care of may have been hacked. (This one does have a firewall although it must be in need of some improvement ;)

I found a file named RK1 in the root "/" directory and a hidden directory under /usr/doc/HTML/ "..." in this directory are the files .rk1 back-up.tgz bnc.tgz clear dx2 s scan.tgz sense sniff wu and another directory "adore" which contains LICENSE Makefile README adore.c ava.c

Since none of the other RedHat machines I use have these file I can only assume that I have been hacked. The only up side to this is that I was in the process of setting up a new box to replace it.

if( RK == Root Kit){
puts("You have been hax0red!");
}

lol, old sk00l io