xsprite@bigfoot.com writes:
If you have a high amount of bandwidth, or your isp provides a service such as cable, you are likely to get scanned (I do atleast once every two days or so) whether the scan is for open netbios shares or the latest s'kiddie 0day.
My home dial-up machine gets scanned pretty much every evening for samba shares. I intend to develop a small samba share of poisoned files padded out with 0s (so they compress well and go up the modem fast).
Yes, don't let anything listen to the external interface unless absolutely necessary. netstat -a will show what's listening. inetd always seems to want to listen to everything, but you can use "ALL: ALL EXCEPT 127." in hosts.deny (man hosts_access) to pin that down to only the local machine (change to taste) for most services it starts. Commenting out some lines in /etc/X11/*/Xaccess is also good, as in running X with -nolisten tcp if you don't use that.
And use ipchains/iptables just to be sure.