Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2001 Dec 30 16:46
The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] Well, I now feel like an idjut.

On Thu, 2 Aug 2001, Don Werve wrote:
> As I was poking around, I brought up a process list and a list of open
> sockets with ps and netstat, respectively...and noticed instantly that
> my machine was listening for incoming connections on ports 6010 and
> 6011.
> 
> I have no services running on these ports.
> 
> Needless to say, I was a bit perturbed...double-checked the process list
> (and the one in /proc), telnetted into the ports (which responded, but
> didn't produce any data).  Crap.  This after I've spent quite a happy
> amount of time handling security on this machine (wrote my own custom
> tripwire hack, do regular auditing, loghost is a separate machine).
> 
> Turns out they were the X11 forwarding ports for sshd.  Sheesh.  I 0wned
> myself. *grin*
> 
> Not as bad as the time I did "cp /usr/X11R6.old/bin/* /usr/X11R6/bin/"
> (note the lack of "-i", and that this was after spending about four
> hours building X...)

Ports 6000-6010 are often closed with ipchains rules (2.2) or limited in
some fashion due to the risks that can exist with X.

Also, you may want to examine investing some time in dl and installing
"lsof" which is very useful.

"lsof" (list open files) can tell you what files are associated with
running processes. Also, you can use the -i flag to see what
process/application is holding open a port and many other nifty tools.

"lsof" is rather kernel dependent and you will probably want to compile it
on your own after you compile your own kernel. You can often use the lsof
that comes with your system if it matches the kernel that came with your
system.

Mmmmmmm. lsof gooooooood...

-ME

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
     Systems Department Operating Systems Analyst for the SSU Library
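
Added example, not part of the original post: the port-to-process lookup that "lsof -i" performs can be reproduced on Linux by reading /proc/net/tcp for LISTEN sockets and matching their inodes against the /proc/<pid>/fd links. The sample table, its inode numbers and the function names are constructed for illustration; the address decoding assumes a little-endian host, and the default port range is simply the ports named in this thread.

```python
import os
import re
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2001 1
   1: 00000000:177A 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2002 1
   2: 00000000:177B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2003 1
   3: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 2004 1
"""

def parse_listeners(text):
    """Return [(ip, port, inode)] for every socket in LISTEN state."""
    out = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:
            continue
        hexip, hexport = f[1].split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(hexip, 16)))  # little-endian host
        out.append((ip, int(hexport, 16), int(f[9])))
    return out

def socket_owners(proc="/proc"):
    """Map socket inode -> (pid, command) from the /proc/<pid>/fd symlinks."""
    owners = {}
    pids = [p for p in os.listdir(proc) if p.isdigit()] if os.path.isdir(proc) else []
    for pid in pids:
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners.setdefault(int(m.group(1)), (int(pid), comm))
        except OSError:
            continue  # process exited, or its fd table is unreadable without root
    return owners

def report(text, owners, lo=6000, hi=6011):
    """Listeners in the port range lo..hi with their owning process, if known."""
    return [(ip, port, owners.get(inode, (None, "?")))
            for ip, port, inode in parse_listeners(text) if lo <= port <= hi]

if __name__ == "__main__":
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for ip, port, (pid, comm) in report(text, socket_owners()):
        print(f"{ip}:{port} LISTEN pid={pid} comm={comm}")
```

Run it as root to resolve sockets owned by other users; a listener that still shows pid=None under root has no owning process visible in /proc and deserves a closer look.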

