[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] socks & sunrpc on a netstat?

Carrie,

Another great scanning program you could check out is one called Nmap. I
use this one to scan the servers for open ports. It is usually good at
telling you what ports are open in addition to what the port is. 


Carrie Bartkowiak wrote:
> 
> > you didn't mention which cobalt product you are running,
> 
> My apologies! I'm worrying over a RaQ4r.
> 
> > but I don't
> > think that matters... i never saw any linux listening on the SOCKS
> port by
> > default (nor having a software to do that by default)
> 
> Ack.
> 
> > Don't think the ASP did it, unless when designed by Microsoft with
> their
> > IIS they officially decided to avoid standards and got it to listen
> to a
> > port already "registered" by another service.
> 
> So now I'm worried that I'm hacked. Well, I was worried about that
> anyway because I've never seen those before in a netstat. :)
> 
> > Use netstat -pl [as root] - you'll see what programs listen on all
> the
> > ports - unlike a netstat without parms, which only givens you the
> *active*
> > connections (your machine can listen on ALL ports and it won't show
> it!)
> 
> Whoa! *blinks at her screen*
> Thank you for that command, had never seen all of that before.
> Would anyone kill me if I posted my result to the list? (It's kinda
> long.)
> 
> > Also, sunrpc is a big headache - tons of security issues, even if
> it's
> > legit, i would close it...
> 
> Umm, I would if I knew how? *meek smile*
> I tried 'man sunrpc' and my lovely blue headache told me to go pound
> sand. I'll try digging through the archives, though (I do try to RTFM
> when I have an inkling on what to look for.)
> 
> Thank you Shimi!
> 
> CarrieB
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security

-- 
Bill Irwin
Technical Support Engineer
Sun Microsystems, Inc.