by pert 6179 days ago
I got burned about 10 years ago by 'samba' not doing what I thought I'd told it to. I used the 'bind interfaces only' configuration directive, which I thought would prevent it from opening any ports on my Internet interface. I was wrong.

Unfortunately I also had no idea about the concept of security patches and, to this day, I still have no idea how I should have gone about getting security updates for Slackware (I switched to Debian and never looked back). The result was some script kiddie got root and started to use my box to start scanning for more vulnerable samba installations to break.

My response was to unplug all of the network cables and have a poke around to see what he'd been up to. I took a full backup of the box and then re-installed it from scratch as I couldn't trust it.

I learned that you should always look at what ports you have open (`netstat -lpn` is my favourite command for this) and that there are some times when a firewall might be of use (I'm not a fan of firewalls on anything other than gateway boxes).
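
The port check recommended in the comment above can be automated. This Python function is an added example, not part of the original comment. It parses `netstat -lpn` output and reports every TCP/UDP listener bound to the wildcard address or to an address outside an allow-list. The sample output and the addresses 192.168.1.10 (LAN) and 203.0.113.5 (Internet-facing) are constructed.

```python
import ipaddress

# Constructed sample of `netstat -lpn` output (not from the original comment).
# 192.168.1.10 stands in for the LAN interface, 203.0.113.5 for the Internet one.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.10:139        0.0.0.0:*               LISTEN      1234/smbd
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1234/smbd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      900/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      800/sshd
udp        0      0 203.0.113.5:137         0.0.0.0:*                           1230/nmbd
udp        0      0 192.168.1.10:138        0.0.0.0:*                           1230/nmbd
Active UNIX domain sockets (only servers)
unix  2      [ ACC ]     STREAM     LISTENING     12345    1/init    /run/example.sock
"""

def exposed_listeners(netstat_output, allowed_addrs):
    """Return (proto, address, port, program) for every TCP/UDP listener that is
    bound to the wildcard address or to an address outside allowed_addrs."""
    allowed = {ipaddress.ip_address(a) for a in allowed_addrs}
    findings = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # section headers, column headers and UNIX-socket rows
        # TCP rows carry a State column; UDP listener rows leave it blank.
        if fields[0].startswith("tcp"):
            if len(fields) < 6 or fields[5] != "LISTEN":
                continue
            program = " ".join(fields[6:]) or "-"
        else:
            program = " ".join(fields[5:]) or "-"
        host, _, port = fields[3].rpartition(":")  # ":::22" -> ("::", "22")
        addr = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
        if addr.is_loopback or addr in allowed:
            continue  # local-only, or an interface we meant to serve
        findings.append((fields[0], str(addr), int(port), program))
    return findings

if __name__ == "__main__":
    for proto, addr, port, program in exposed_listeners(SAMPLE, ["192.168.1.10"]):
        print(f"{proto:5} {addr}:{port:<6} {program}")
```

On a live host, pass the text returned by `subprocess.run(["netstat", "-lpn"], capture_output=True, text=True).stdout` instead of `SAMPLE`; the program column is only filled in for all sockets when run as root.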