RE: [cobalt-security] socks & sunrpc on a netstat?

["David Sutherland" <dave@xxxxxxx>]

Just for reference, on a typical linux box you will find an index of what
is -supposed- to be on a port, standards-speaking, in: /etc/services

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Carrie
Bartkowiak
Sent: Sunday, April 22, 2001 2:11 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] socks & sunrpc on a netstat?


> you didn't mention which cobalt product you are running,

My apologies! I'm worrying over a RaQ4r.

> but I don't
> think that matters... i never saw any linux listening on the SOCKS
port by
> default (nor having a software to do that by default)

Ack.

> Don't think the ASP did it, unless when designed by Microsoft with
their
> IIS they officially decided to avoid standards and got it to listen
to a
> port already "registered" by another service.

So now I'm worried that I'm hacked. Well, I was worried about that
anyway because I've never seen those before in a netstat. :)

> Use netstat -pl [as root] - you'll see what programs listen on all
the
> ports - unlike a netstat without parms, which only givens you the
*active*
> connections (your machine can listen on ALL ports and it won't show
it!)

Whoa! *blinks at her screen*
Thank you for that command, had never seen all of that before.
Would anyone kill me if I posted my result to the list? (It's kinda
long.)

> Also, sunrpc is a big headache - tons of security issues, even if
it's
> legit, i would close it...

Umm, I would if I knew how? *meek smile*
I tried 'man sunrpc' and my lovely blue headache told me to go pound
sand. I'll try digging through the archives, though (I do try to RTFM
when I have an inkling on what to look for.)

Thank you Shimi!

CarrieB


_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security