Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2001 Dec 30 16:46

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] Well, I now feel like an idjut.

On Thu, 2 Aug 2001, Don Werve wrote:
> As I was poking around, I brought up a process list and a list of open
> sockets with ps and netstat, respectively...and noticed instantly that
> my machine was listening for incoming connections on ports 6010 and
> 6011.
> 
> I have no services running on these ports.
> 
> Needless to say, I was a bit perturbed...double-checked the process list
> (and the one in /proc), telnetted into the ports (which responded, but
> didn't produce any data).  Crap.  This after I've spent quite a happy
> amount of time handling security on this machine (wrote my own custom
> tripwire hack, do regular auditing, loghost is a separate machine).
> 
> Turns out they were the X11 forwarding ports for sshd.  Sheesh.  I 0wned
> myself. *grin*
> 
> Not as bad as the time I did "cp /usr/X11R6.old/bin/* /usr/X11R6/bin/"
> (note the lack of "-i", and that this was after spending about four
> hours building X...)

Ports 6000-6010 are often closed with ipchains rules (2.2) or limited in
some fashion due to the risks that can exist with X.

Also, you may want to examine investing some time in dl and installing
"lsof" which is very useful.

"lsof" (list open files) can tell you what files are associated with
running processes. Also, you can use the -i flag to see what
process/application is holding open a port and many other nifty tools.

"lsof" is rather kernel dependent and you will probably want to compile it
on your own after you compile your own kernel. You can often use the lsof
that comes with your system if it matches the kernel that came with your
system.

Mmmmmmm. lsof gooooooood...

-ME

     Systems Department Operating Systems Analyst for the SSU Library
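
What `lsof -i` reports can also be rebuilt by hand from /proc, which helps when lsof is missing or does not match the running kernel. The following is an added example, not part of the original post: it reads listening ports from text in /proc/net/tcp layout and matches their socket inodes to processes through /proc/<pid>/fd. The function names and the sample data are assumptions for illustration, and only IPv4 TCP is covered.

```python
import os
import re

# Constructed sample in /proc/net/tcp layout: sshd on 22, two listeners on
# 127.0.0.1:6010 and :6011, and one established connection (state 01).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:177A 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1502 1 0000000000000000 100 0 0 10 0
   2: 0100007F:177B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1503 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 1600 1 0000000000000000 100 0 0 10 0
"""

def listening_sockets(proc_net_tcp_text):
    """Return {inode: port} for sockets in LISTEN state (st == 0A)."""
    result = {}
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        result[int(f[9])] = int(f[1].rsplit(":", 1)[1], 16)  # port is hex
    return result

def socket_owners(proc_root="/proc"):
    """Return {inode: (pid, command)} from each process's fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, n)) for n in os.listdir(fd_dir)]
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:  # process exited, or its fds are unreadable without root
            continue
        for target in links:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:  # a socket shared by forked processes keeps the last pid seen
                owners[int(m.group(1))] = (int(pid), comm)
    return owners

def ports_to_processes(proc_net_tcp_text, proc_root="/proc"):
    """Join both tables: {port: (pid, command)}; (None, '?') = no visible owner."""
    owners = socket_owners(proc_root)
    return {port: owners.get(inode, (None, "?"))
            for inode, port in listening_sockets(proc_net_tcp_text).items()}

if __name__ == "__main__":  # live run on a Linux host
    for port, owner in sorted(ports_to_processes(open("/proc/net/tcp").read()).items()):
        print(port, *owner)
```

A listener on 6010 or above that resolves to sshd matches the X11 forwarding case in the thread: sshd's default X11DisplayOffset is 10, and display N listens on port 6000+N. A port that resolves to no owner when run as root deserves a closer look.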

