[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] socks & sunrpc on a netstat?
- Subject: Re: [cobalt-security] socks & sunrpc on a netstat?
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Sat, 21 Apr 2001 22:42:48 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sun, 22 Apr 2001, Carrie Bartkowiak wrote:
> Hey guys...
> I found this 'socks' connection tonight, and a 'sunrpc' connection
> when I did a netstat. Could y'all take a look and tell me if something
you didn't mention which cobalt product you are running, but I don't
think that matters... i never saw any linux listening on the SOCKS port by
default (nor having a software to do that by default)
> I don't have DNS or Telnet enabled on the machine, although I am
> running SSH2 and just recently within the past week turned on the ASP
> server.
Don't think the ASP did it, unless when designed by Microsoft with their
IIS they officially decided to avoid standards and got it to listen to a
port already "registered" by another service.
> [root web]# netstat
Use netstat -pl [as root] - you'll see what programs listen on all the
ports - unlike a netstat without parms, which only givens you the *active*
connections (your machine can listen on ALL ports and it won't show it!)
(as you can see from your own quote:
> Active Internet connections (w/o servers)
)
Also, sunrpc is a big headache - tons of security issues, even if it's
legit, i would close it...
> CarrieB
- shimi.