
Re: [cobalt-security] /tmp/-v ?



On Mon, 28 May 2001, Gerald Waugh wrote:

> > On Sun, 27 May 2001, Gerald Waugh wrote:
> <snip>
> > > With SSL:
> > > admserv listening on ports 81, 444, normal httpd listening on port 80, and 443.
> > > Without SSL:
> > > admserv listening on ports 81, and 444, normal httpd listening on port 80.
> > > Is this correct?
> 
> On Monday, May 28, 2001 4:30 PM  "shimi" <shimi@xxxxxxxxxxxxxxxx> wrote
> > because my URL is https://www.domain.com:81/blablabla
> >
> > I believe that the : who states the port bypasses all defaults... besides,
> > if admserv listens on the normal httpd's security (ssl) port, where is
> > httpd (normal) listens? think about it :)
> >
> > I believe admserv always listens on 81, and serves SSL if an SSL cert is
> > installed. I might be wrong, of course :0
> >
> > - shimi.
> 
> From /etc/admserv/conf/httpd.conf
> line 282 Listen 81
> line 283 Listen 444
> Tells me that admserv-httpd is listening on ports 81 and 444
> 
> From /etc/httpd/conf/httpd.conf
>   line     86 Port 80
>   Tells me that httpd is listening on port 80
>   line    339         if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
>   line    340             $ret = ssl_cert_check("/home/sites/$group/certs/");
>   line    341             if ($ret=~/^2/o) {
>   line    342                 $PerlConfig .= "Listen $ip:443\n";
>   line    343                 $PerlConfig .= "<VirtualHost $ip:443>\n";
> Tells me that if VirtualHost is SSL then
> httpd also listens on port 443
> Gerald
> 
> 
I see.

Well I just connected to my RaQ as http://www.domain.com/admin. That went
through my webcaching. Then I was 302 redirected to
https://www.domain.com:81/.cobalt/sysManage/index.html

I saw a connection to port 81 in netstat, and then the authentication
came, I entered the details, and from netstat:

tcp        0     72 ras1-p89.tlv.netv:33991 www.domain.com:81 ESTABLISHED
tcp        0     72 ras1-p89.tlv.netv:33989 www.domain.com:81 ESTABLISHED
tcp        0      0 ras1-p89.tlv.netv:33987 www.domain.com:81 ESTABLISHED

clearly the second port isn't used. (444)
my raq doesn't listen to that port at all, and to tell you the truth I
have no idea why should it... https:// with no port goes to 443. to get to
444 you'll need to type that manually, and :81 already does that. perhaps
it's different in raq3 than other raqs, but to the best of my
understanding, they all connect to port 81...

Also, I'll add that according to /etc/services:

[shimi@www shimi]$ cat /etc/services | grep 444/
snpp            444/tcp                         # Simple Network Paging Protocol
snpp            444/udp                         # Simple Network Paging Protocol

which I'm not sure what it is now but it's definitely not web...

- shimi.
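
The check both posters are doing by hand, comparing what the config files declare with what the box actually listens on, as an added example that is not part of the original message or of Cobalt's software. The config excerpts, the netstat output, the address 192.0.2.10 and all function names are constructed for illustration.

```python
import re

# Constructed samples modelled on the thread; not captured from a real RaQ.
ADMSERV_CONF = "# admserv httpd.conf excerpt\nListen 81\nListen 444\n"
# The main httpd.conf only has a static "Port 80"; the 443 Listen is
# generated at startup by the Perl section, so a static parse cannot see it.
HTTPD_CONF = "# httpd.conf excerpt\nPort 80\n"
NETSTAT_LTN = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          0.0.0.0:*               LISTEN
"""

# Matches "Listen 81", "Listen 192.0.2.10:443" and "Port 80".
DIRECTIVE = re.compile(r"^\s*(?:Listen|Port)\s+(?:\S+:)?(\d+)\s*$", re.I)

def configured_ports(conf_text):
    """Ports named by static Listen/Port directives; comments are ignored."""
    ports = set()
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line.split("#", 1)[0])
        if m:
            ports.add(int(m.group(1)))
    return ports

def listening_ports(netstat_text):
    """Local TCP ports in LISTEN state from `netstat -ltn` style output."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            ports.add(int(f[3].rsplit(":", 1)[1]))
    return ports

def compare(confs, netstat_text):
    """Report mismatches between declared and actually bound ports."""
    want = set().union(*(configured_ports(c) for c in confs))
    have = listening_ports(netstat_text)
    return {"configured_not_listening": sorted(want - have),
            "listening_not_configured": sorted(have - want)}

if __name__ == "__main__":
    print(compare([ADMSERV_CONF, HTTPD_CONF], NETSTAT_LTN))
```

A port in `configured_not_listening` means the running daemon is not using the file that was read, or failed to bind; a port in `listening_not_configured` needs its owning process identified, for example with `netstat -ltnp` as root.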