From owner-freebsd-security Mon Nov 27 10:49:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 4087D37B4C5; Mon, 27 Nov 2000 10:49:52 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eARIoTH63231; Mon, 27 Nov 2000 10:50:29 -0800 (PST) (envelope-from kris) Date: Mon, 27 Nov 2000 10:50:29 -0800 From: Kris Kennaway To: Wes Peters Cc: Jean-Marc Zucconi , Buliwyf McGraw , freebsd-security@FreeBSD.ORG Subject: Re: fics Message-ID: <20001127105029.A63148@citusc17.usc.edu> References: <200011262219.OAA78370@freefall.freebsd.org> <3A220C99.1DCAB7EC@softweyr.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A220C99.1DCAB7EC@softweyr.com>; from wes@softweyr.com on Mon, Nov 27, 2000 at 12:26:17AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 27, 2000 at 12:26:17AM -0700, Wes Peters wrote: > > > I found this in one pc on my intranet: > >=20 > > > Interesting ports on (192.168.20.50): > > > Port State Protocol Service > > > 5000 open tcp fics > >=20 > > fics =3D Free Internet Chess Server (see http://www.freechess.org). It > > uses port 5000. Nothing bad here :-) >=20 > Has it been audited? It's probably not even fics. People should learn not to believe /etc/services because it's just a wild guess about what would be using that port if this were a perfect internet and everyone only used their assigned port numbers. Obviously, this internet is not perfect, and port 5000 is an obvious enough port number for a human to pick that it could be literally anything running there. The only way to tell with some kind of assurance what service is running on a given port is to get on that machine with superuser privileges and interrogate things, and even then you can't be sure. Kris --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoirPQACgkQWry0BWjoQKW4fACfWkeVMFCZU2yZ7kw95Zckeug+ cl4AoIa9GT4qcLC234agbvXSjx6R82Bn =OUw1 -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message