Date: Sat, 9 Sep 2000 01:24:30 -0400
From: "David Liu" <dliu@mindspring.com>
To: <questions@freebsd.org>
Subject: 12345/tcp open NetBus
Message-ID: <LMECIAEPHBBFPHLIOHMNAEAECAAA.dliu@mindspring.com>
Hi,

The following is the output of ps and sockstat. I always reboot my system after changing the configuration files, so the following is an accurate reflection of the system.

I don't remember where I found the section on shutting down the inetd.conf file. Some of the info I got was from reading the shell scripts and determining what env. variables they were looking for. The "specific shortcoming in the documentation" is not describing what each env. variable used in the shell scripts is. For example, to shut down the portmap daemon, you need to specify portmap_enable="NO" in the "rc.conf" file. To make FreeBSD secure out of the box, the portmap daemon should not be started, since most users do not need it and it presents a serious security hole for servers connected to the Internet.

As a side note, several of the ports are out of date and do not install properly (i.e. apache13-fp) without hacking them.

Thanks,
David

/* ps aux */
USER    PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED    TIME COMMAND
root    548  0.0  0.4  420  244  p0  R+   12:46AM 0:00.00 ps aux
root      1  0.0  0.5  532  304  ??  ILs   6:03PM 0:00.01 /sbin/init --
root      2  0.0  0.0    0    0  ??  DL    6:03PM 0:00.01 (pagedaemon)
root      3  0.0  0.0    0    0  ??  DL    6:03PM 0:00.00 (vmdaemon)
root      4  0.0  0.0    0    0  ??  DL    6:03PM 0:00.01 (bufdaemon)
root      5  0.0  0.0    0    0  ??  DL    6:03PM 0:00.23 (syncer)
root     28  0.0  0.2  208   92  ??  Is    6:03PM 0:00.00 adjkerntz -i
root    108  0.0  0.6  536  368  ??  Is   10:03PM 0:00.00 /sbin/dhclient xl0
root    246  0.0  0.6  524  372  ??  Ss   10:03PM 1:24.75 /sbin/natd -n xl0
root    262  0.0  1.0  904  608  ??  Ss   10:03PM 0:00.09 syslogd -s
root    271  0.0  1.3 1096  808  ??  D    10:03PM 0:00.02 amd -p -a /.amd_mnt -c 1800 -l syslog /host /
root    272  0.0  1.3 1096  808  ??  D    10:03PM 0:00.02 amd -p -a /.amd_mnt -c 1800 -l syslog /host /
root    287  0.0  1.1  948  692  ??  Is   10:03PM 0:00.04 cron
root    303  0.0  0.8  876  488  ??  Is   10:03PM 0:00.02 moused -p /dev/psm0 -t auto
root    337  0.0  2.8 2068 1708  ??  Ss   10:03PM 0:00.36 /usr/local/sbin/httpd -DMOD_FP
root    353  0.0  1.9 1776 1164  ??  Is   10:03PM 0:00.01 /usr/local/sbin/sshd (sshd2)
nobody  359  0.0  2.8 2092 1708  ??  I    10:03PM 0:00.00 /usr/local/sbin/httpd -DMOD_FP
nobody  360  0.0  2.8 2092 1708  ??  I    10:03PM 0:00.00 /usr/local/sbin/httpd -DMOD_FP
nobody  361  0.0  2.8 2092 1708  ??  I    10:03PM 0:00.00 /usr/local/sbin/httpd -DMOD_FP
nobody  362  0.0  2.8 2092 1708  ??  I    10:03PM 0:00.00 /usr/local/sbin/httpd -DMOD_FP
nobody  363  0.0  2.8 2092 1708  ??  I    10:03PM 0:00.00 /usr/local/sbin/httpd -DMOD_FP
root    365  0.0  3.2 2652 1976  ??  S    10:03PM 0:01.90 /usr/local/bin/python /usr/local/abacus/hosts
root    367  0.0  0.9  880  572  ??  Is   10:03PM 0:00.01 /usr/local/psionic/portsentry/portsentry -tcp
root    369  0.0  0.9  880  572  ??  Is   10:03PM 0:00.18 /usr/local/psionic/portsentry/portsentry -udp
root    381  0.0  1.2 1052  756  v0  Ss+  10:03PM 0:04.67 /usr/libexec/getty Pc ttyv0
root    382  0.0  1.0  920  624  v1  Is+  10:03PM 0:00.01 /usr/libexec/getty Pc ttyv1
root    383  0.0  1.0  920  624  v2  Is+  10:03PM 0:00.01 /usr/libexec/getty Pc ttyv2
root    384  0.0  1.0  920  624  v3  Is+  10:03PM 0:00.01 /usr/libexec/getty Pc ttyv3
root    385  0.0  1.0  920  624  v4  Is+  10:03PM 0:00.01 /usr/libexec/getty Pc ttyv4
root    386  0.0  1.0  920  624  v5  Is+  10:03PM 0:00.01 /usr/libexec/getty Pc ttyv5
root    387  0.0  1.0  920  624  v6  Is+  10:03PM 0:00.01 /usr/libexec/getty Pc ttyv6
root    388  0.0  1.0  920  624  v7  Is+  10:03PM 0:00.01 /usr/libexec/getty Pc ttyv7
root    522  0.0  2.4 1840 1472  ??  S    12:36AM 0:00.31 /usr/local/sbin/sshd (sshd2)
dliu    523  0.0  1.4 1016  868  p0  Is   12:37AM 0:00.02 -bash (bash)
root    524  0.0  1.5 1276  916  p0  I    12:37AM 0:00.04 _su (csh)
root    526  0.0  1.5 1032  884  p0  S    12:37AM 0:00.03 bash
root      0  0.0  0.0    0    0  ??  DLs   6:03PM 0:00.01 (swapper)

nmap -sS -O localhost

Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1473 ports scanned but not shown below are in state: closed)
Port       State       Service
1/tcp      open        tcpmux
2/tcp      open        compressnet
3/tcp      open        compressnet
4/tcp      open        unknown
5/tcp      open        rje
7/tcp      open        echo
9/tcp      open        discard
11/tcp     open        systat
15/tcp     open        netstat
19/tcp     open        chargen
20/tcp     open        ftp-data
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
53/tcp     open        domain
70/tcp     open        gopher
79/tcp     open        finger
80/tcp     open        http
87/tcp     open        priv-term-l
109/tcp    open        pop-2
110/tcp    open        pop-3
111/tcp    open        sunrpc
119/tcp    open        nntp
138/tcp    open        netbios-dgm
139/tcp    open        netbios-ssn
143/tcp    open        imap2
144/tcp    open        news
512/tcp    open        exec
513/tcp    open        login
514/tcp    open        shell
515/tcp    open        printer
540/tcp    open        uucp
635/tcp    open        unknown
1023/tcp   open        unknown
1024/tcp   open        kdm
1080/tcp   open        socks
1524/tcp   open        ingreslock
2000/tcp   open        callbook
2001/tcp   open        dc
2049/tcp   open        nfs
6667/tcp   open        irc
8080/tcp   open        http-proxy
12345/tcp  open        NetBus
12346/tcp  open        NetBus
31337/tcp  open        Elite
32771/tcp  open        sometimes-rpc5
32772/tcp  open        sometimes-rpc7
32773/tcp  open        sometimes-rpc9
32774/tcp  open        sometimes-rpc11

TCP Sequence Prediction: Class=random positive increments
                         Difficulty=5406 (Worthy challenge)
Remote operating system guess: FreeBSD 2.2.1 - 4.0

Nmap run completed -- 1 IP address (1 host up) scanned in 17 seconds

/* sockstat */
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd2      522    6 tcp4   216.77.240.142.22     165.247.135.53.103
root     portsent   369    0 udp4   *.1035                *.*
root     portsent   369    1 udp4   *.1                   *.*
root     portsent   369    2 udp4   *.7                   *.*
root     portsent   369    3 udp4   *.9                   *.*
root     portsent   369    4 udp4   *.19                  *.*
root     portsent   369    5 udp4   *.66                  *.*
root     portsent   369    6 udp4   *.67                  *.*
root     portsent   369    7 udp4   *.69                  *.*
root     portsent   369    8 udp4   *.111                 *.*
root     portsent   369    9 udp4   *.137                 *.*
root     portsent   369   10 udp4   *.138                 *.*
root     portsent   369   11 udp4   *.161                 *.*
root     portsent   369   12 udp4   *.162                 *.*
root     portsent   369   13 udp4   *.177                 *.*
root     portsent   369   14 udp4   *.474                 *.*
root     portsent   369   15 udp4   *.513                 *.*
root     portsent   369   16 udp4   *.517                 *.*
root     portsent   369   17 udp4   *.518                 *.*
root     portsent   369   18 udp4   *.520                 *.*
root     portsent   369   19 udp4   *.635                 *.*
root     portsent   369   20 udp4   *.640                 *.*
root     portsent   369   21 udp4   *.641                 *.*
root     portsent   369   22 udp4   *.666                 *.*
root     portsent   369   23 udp4   *.700                 *.*
root     portsent   369   24 udp4   *.2049                *.*
root     portsent   369   25 udp4   *.28001               *.*
root     portsent   369   26 udp4   *.32770               *.*
root     portsent   369   27 udp4   *.32771               *.*
root     portsent   369   28 udp4   *.32772               *.*
root     portsent   369   29 udp4   *.32773               *.*
root     portsent   369   30 udp4   *.32774               *.*
root     portsent   369   31 udp4   *.31337               *.*
root     portsent   369   32 udp4   *.54321               *.*
root     portsent   367    0 tcp4   *.1024                *.*
root     portsent   367    1 tcp4   *.1                   *.*
root     portsent   367    2 tcp4   *.2                   *.*
root     portsent   367    3 tcp4   *.3                   *.*
root     portsent   367    4 tcp4   *.4                   *.*
root     portsent   367    5 tcp4   *.5                   *.*
root     portsent   367    6 tcp4   *.7                   *.*
root     portsent   367    7 tcp4   *.9                   *.*
root     portsent   367    8 tcp4   *.11                  *.*
root     portsent   367    9 tcp4   *.15                  *.*
root     portsent   367   10 tcp4   *.19                  *.*
root     portsent   367   11 tcp4   *.20                  *.*
root     portsent   367   12 tcp4   *.21                  *.*
root     portsent   367   13 tcp4   *.23                  *.*
root     portsent   367   14 tcp4   *.25                  *.*
root     portsent   367   15 tcp4   *.53                  *.*
root     portsent   367   16 tcp4   *.70                  *.*
root     portsent   367   17 tcp4   *.79                  *.*
root     portsent   367   18 tcp4   *.87                  *.*
root     portsent   367   19 tcp4   *.109                 *.*
root     portsent   367   20 tcp4   *.110                 *.*
root     portsent   367   21 tcp4   *.111                 *.*
root     portsent   367   22 tcp4   *.119                 *.*
root     portsent   367   23 tcp4   *.138                 *.*
root     portsent   367   24 tcp4   *.139                 *.*
root     portsent   367   25 tcp4   *.143                 *.*
root     portsent   367   26 tcp4   *.144                 *.*
root     portsent   367   27 tcp4   *.512                 *.*
root     portsent   367   28 tcp4   *.513                 *.*
root     portsent   367   29 tcp4   *.514                 *.*
root     portsent   367   30 tcp4   *.515                 *.*
root     portsent   367   31 tcp4   *.540                 *.*
root     portsent   367   32 tcp4   *.635                 *.*
root     portsent   367   33 tcp4   *.1080                *.*
root     portsent   367   34 tcp4   *.1114                *.*
root     portsent   367   35 tcp4   *.1524                *.*
root     portsent   367   36 tcp4   *.2000                *.*
root     portsent   367   37 tcp4   *.2001                *.*
root     portsent   367   38 tcp4   *.2049                *.*
root     portsent   367   39 tcp4   *.4000                *.*
root     portsent   367   40 tcp4   *.4001                *.*
root     portsent   367   41 tcp4   *.5742                *.*
root     portsent   367   42 tcp4   *.6667                *.*
root     portsent   367   43 tcp4   *.12345               *.*
root     portsent   367   44 tcp4   *.12346               *.*
root     portsent   367   45 tcp4   *.20034               *.*
root     portsent   367   46 tcp4   *.30303               *.*
root     portsent   367   47 tcp4   *.32771               *.*
root     portsent   367   48 tcp4   *.32772               *.*
root     portsent   367   49 tcp4   *.32773               *.*
root     portsent   367   50 tcp4   *.32774               *.*
root     portsent   367   51 tcp4   *.31337               *.*
root     portsent   367   52 tcp4   *.40421               *.*
root     portsent   367   53 tcp4   *.40425               *.*
root     portsent   367   54 tcp4   *.49724               *.*
root     portsent   367   55 tcp4   *.54320               *.*
nobody   httpd      363   16 tcp4   *.8080                *.*
nobody   httpd      363   17 tcp4   *.80                  *.*
nobody   httpd      362   16 tcp4   *.8080                *.*
nobody   httpd      362   17 tcp4   *.80                  *.*
nobody   httpd      361   16 tcp4   *.8080                *.*
nobody   httpd      361   17 tcp4   *.80                  *.*
nobody   httpd      360   16 tcp4   *.8080                *.*
nobody   httpd      360   17 tcp4   *.80                  *.*
nobody   httpd      359   16 tcp4   *.8080                *.*
nobody   httpd      359   17 tcp4   *.80                  *.*
root     sshd2      353    3 tcp4   *.22                  *.*
root     sshd2      353    4 udp4   *.22                  *.*
root     httpd      337   16 tcp4   *.8080                *.*
root     httpd      337   17 tcp4   *.80                  *.*
root     amd        272    4 udp4   *.1023                *.*
root     amd        272    5 tcp4   *.1023                *.*
root     amd        272    6 udp4   *.1022                *.*
root     amd        272    7 udp4   *.1021                *.*
root     amd        271    4 udp4   *.1023                *.*
root     amd        271    5 tcp4   *.1023                *.*
root     amd        271    6 udp4   *.1022                *.*
root     amd        271    7 udp4   *.1021                *.*
root     syslogd    262    4 udp4   *.514                 *.*
root     dhclient   108    3 udp4   *.*                   *.*
root     dhclient   108    6 udp4   *.68                  *.*

/* rc.conf file */
# This file now contains just the overrides from /etc/defaults/rc.conf
# please make all changes to this file.

# -- sysinstall generated deltas -- #
ifconfig_ed0="inet 192.168.0.1 netmask 255.255.255.0"
hostname="Finch"
linux_enable="NO"
moused_enable="YES"
gateway_enable="YES"
usbd_enable="NO"
ntpdate_flags="otc1.psu.edu"
ifconfig_xl0="DHCP"
hostname="finch.dyndns.com"
sendmail_enable="NO"
ipv6_enable="NO"
router_enable="NO"
ntpdate_enable="YES"
sshd_enable="NO"
firewall_enable="YES"
firewall_type="SIMPLE"
natd_enable="YES"
natd_interface="xl0"
inetd_enable="NO"
portmap_enable="NO"
# Later change to YES, prevents X-windows from running
kern_securelevel_enable="NO"
kern_securelevel="2"
amd_flags="-a /.amd_mnt -c 1800 -l syslog /host /etc/amd.map /net /etc/amd.map"
amd_enable="YES"

-----Original Message-----
From: bobj@smtp.ufl.edu [mailto:bobj@smtp.ufl.edu]On Behalf Of Bob Johnson
Sent: Friday, September 08, 2000 8:27 PM
To: David Liu
Cc: freebsd-doc@FreeBSD.ORG
Subject: Re: Documentation suggestion

David Liu wrote:
>
> Hi,
>
> I was trying to secure my Freebsd 4.1 server by following the handbook and
> disabled inetd.conf and as many of the services which I don't need. An nmap
> port scan still shows that many of my ports are still open. Please address
> this in your handbook. I need to know for example why port 12345 is open and
> how to shut it down.
>
> Thanks for your help and a great product,
>

The port scan doesn't match your config file. If you didn't reboot after editing the config file, then try rebooting and scanning again. After you do that, if things aren't what you expect, post the scan and the rc.conf, plus the result of "ps -ax", to questions@freebsd.org.

If, during this process, you can identify what specific shortcoming in the documentation caused you difficulty, please post that information to the doc list.

Actually, now that you mention it, I can't even find instructions on disabling inetd.conf in the Handbook. Were you reading the Handbook, or a tutorial, or the FAQ, or The Complete FreeBSD?
Thanks,

- Bob
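The check Bob asks for, worked through as an added example that is not part of this thread: cross-reference nmap's open-port table against sockstat output so every "open" port is attributed to the process that owns it. The sample inputs below are constructed in the same formats as the listings above (a few rows, including one port with no listener, to show the case that needs follow-up); with the real listings, 12345/tcp resolves to portsentry (pid 367), not to NetBus.

```python
import re

# Constructed sample in the sockstat(1) format shown in the message above.
SOCKSTAT_SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd2      522    6 tcp4   216.77.240.142.22     165.247.135.53.103
root     portsent   367   43 tcp4   *.12345               *.*
root     portsent   367   44 tcp4   *.12346               *.*
root     portsent   367   51 tcp4   *.31337               *.*
nobody   httpd      363   17 tcp4   *.80                  *.*
root     sshd2      353    3 tcp4   *.22                  *.*
root     amd        271    5 tcp4   *.1023                *.*
"""

# Constructed sample in the nmap port-table format shown above.
NMAP_SAMPLE = """\
Port       State       Service
22/tcp     open        ssh
80/tcp     open        http
1023/tcp   open        unknown
2049/tcp   open        nfs
12345/tcp  open        NetBus
31337/tcp  open        Elite
"""

def parse_sockstat(text):
    """Map (proto, port) of every listening socket to (command, pid)."""
    listeners = {}
    for line in text.splitlines()[1:]:          # skip the header row
        user, cmd, pid, fd, proto, local, foreign = line.split()
        if foreign != "*.*":                    # established connection, not a listener
            continue
        port = int(local.rsplit(".", 1)[1])     # "*.12345" -> 12345
        listeners[(proto[:3], port)] = (cmd, int(pid))
    return listeners

def parse_nmap(text):
    """Return [(port, proto, service)] for each port nmap reports as open."""
    return [(int(p), proto, svc)
            for p, proto, svc in re.findall(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)", text, re.M)]

def attribute_open_ports(nmap_text, sockstat_text):
    """For each open port, name its listening process; UNEXPLAINED means no socket owns it."""
    listeners = parse_sockstat(sockstat_text)
    result = {}
    for port, proto, service in parse_nmap(nmap_text):
        cmd, pid = listeners.get((proto, port), ("UNEXPLAINED", None))
        result[f"{port}/{proto}"] = (service, cmd, pid)
    return result

if __name__ == "__main__":
    for port, (service, cmd, pid) in attribute_open_ports(NMAP_SAMPLE, SOCKSTAT_SAMPLE).items():
        print(f"{port:<11} {service:<10} -> {cmd} (pid {pid})")
```

nmap's service column is only a lookup of the port number, so the sockstat attribution, not the service name, is what tells you whether a port belongs to a daemon you configured, a decoy listener such as portsentry, or something that needs investigating.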