Message-Id: <200203221533.g2MFXiD64703@jhs.muc.de>
To: freebsd-security@freebsd.org
Subject: Re: ports 1021 1022 1023 & 587 ?
In-Reply-To: Message from Christopher Schulte of "Tue, 19 Mar 2002 16:16:04 +0100." <5.1.0.14.0.20020319091502.01b33c50@pop3s.schulte.org>
Date: Fri, 22 Mar 2002 16:33:44 +0100
From: Julian Stacey

Thanks to all for useful answers, inc.
	Dave Raven & Christopher Schulte
	Re. sockstat /usr/ports/sysutils/lsof

Andrew McNaughton:
	Sorry, my last mail was misleading through omission; what I didn't say:
	I'd run portscanner from an internal host or localhost (can't
	remember which), but not an external host (yet): so although I
	could see those ports & wanted to know what they were, they are
	blocked from external access by my last deny rule.
	(So I'm not offering unknown ports to the world, but thanks.)

Dag-Erling Smorgrav:
> The portmapper allocates ...
	Thanks, that's worth documenting in src/etc/services.

> Why on earth are you running nfs, amd and lpd on a firewall?
	[Blush] Temporary arrangement: Only to other equal status alternate
	hardware fallback firewalls, not to internal hosts, & blocked
	by ipfw from outside, but yes, know what you mean, that will
	cease as I transition from mainly off line firewall to permanently
	connected firewall. lpd has an even less convincing excuse.

Gregory Neil Shapiro:
> FEATURE(`no_default_msa')dnl
	Thanks, I'll look at that.

Diff to 4.5 etc/services if someone wants to commit to help others avoid
repeating my question, or would anyone second a submit via send-pr ?

------------
24a25,26 > > # To find which processes have got ports open: sockstat & ports/sysutils/lsof. 1060c1062 < submission 587/udp --- > submission 587/udp # initial sendmail, unless FEATURE(`no_default_msa') 1233a1236,1240 > > # The portmapper allocates ports for NFS and other RPC services starting > # at 1023 and counting downwards. Use 'rpcinfo -p' to get a list of > # active RPC services and their port allocations. >
------------

(PS I'm re-subscribing security@freebsd.org, I just realised I was off).

Julian Stacey
Munich Unix (FreeBSD, Linux etc) Independent Consultant
jhs@bim.bsn.com
Free software: http://bim.bsn.com/~jhs/free/
Your smoking = my allergic headache! Try snuff!
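
Review bot: the 1060c1062 hunk attaches the new comment to the "submission 587/udp" entry, but sendmail's message submission agent listens on TCP port 587, so the comment belongs on the TCP entry for submission (or on both). "initial sendmail" is also hard to parse; wording such as "# sendmail MSA listens here by default, unless FEATURE(`no_default_msa')" tells a reader who found port 587 open what is listening and how to turn it off.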
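
Review bot: in the 1233a1236,1240 hunk the comment says the portmapper allocates the ports, but the portmapper only records registrations; each RPC service binds its own reserved port and then registers it. Suggest "# NFS and other RPC services bind reserved ports starting at 1023 and counting downwards." and keep the 'rpcinfo -p' pointer as written, since that is the command that maps an open port back to its service.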