From owner-freebsd-security Mon Nov 27 10:56:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from hermes.cs.brandeis.edu (hermes.cs.brandeis.edu [129.64.2.5]) by hub.freebsd.org (Postfix) with ESMTP id 16B7437B479 for ; Mon, 27 Nov 2000 10:56:18 -0800 (PST) Received: from pearl.cs.brandeis.edu (pearl.cs.brandeis.edu [129.64.2.86]) by hermes.cs.brandeis.edu (8.9.3/8.9.3) with ESMTP id NAA15114 for ; Mon, 27 Nov 2000 13:56:16 -0500 Received: from localhost (meshko@localhost) by pearl.cs.brandeis.edu (8.9.3/8.9.3) with SMTP id NAA24840 for ; Mon, 27 Nov 2000 13:56:16 -0500 (EST) X-Authentication-Warning: pearl.cs.brandeis.edu: meshko owned process doing -bs Date: Mon, 27 Nov 2000 13:56:16 -0500 (EST) From: Mikhail Kruk To: freebsd-security@FreeBSD.ORG Subject: Re: fics In-Reply-To: <20001127105029.A63148@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org btw, why doesn't daily security script include diffs for netstat -an | grep LIST output? that would be kind of useful, no? > It's probably not even fics. People should learn not to believe > /etc/services because it's just a wild guess about what would be using > that port if this were a perfect internet and everyone only used their > assigned port numbers. Obviously, this internet is not perfect, and > port 5000 is an obvious enough port number for a human to pick that it > could be literally anything running there. > > The only way to tell with some kind of assurance what service is > running on a given port is to get on that machine with superuser > privileges and interrogate things, and even then you can't be sure. > > Kris > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message