From owner-freebsd-security  Wed Apr 30 06:15:25 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id GAA25457
          for security-outgoing; Wed, 30 Apr 1997 06:15:25 -0700 (PDT)
Received: from tgsoft.com (squirrel.tgsoft.com [207.167.64.183])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id GAA25448
          for <security@freefall.FreeBSD.ORG>; Wed, 30 Apr 1997 06:15:19 -0700 (PDT)
Received: (qmail 11351 invoked by uid 128); 30 Apr 1997 13:15:17 -0000
Date: 30 Apr 1997 13:15:17 -0000
Message-ID: <19970430131517.11350.qmail@tgsoft.com>
From: mark thompson <thompson@squirrel.tgsoft.com>
To: jmg@hydrogen.nike.efn.org
CC: security@freefall.FreeBSD.ORG
In-reply-to: message from John-Mark Gurney on Fri, 25 Apr 1997 00:55:33 -0700
Subject: Re: What's on Port 1024?
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

   From: John-Mark Gurney <jmg@hydrogen.nike.efn.org>
   Date: Fri, 25 Apr 1997 00:55:33 -0700

   joed@ksu.edu scribbled this message on Apr 24:
   > Greetings,
   > 
   > I'm currently in the proccess of trying to lock down a FreeBSD workstation
   > as a firewall, and noticed that my FreeBSD machine is listening to port 
   > 1024.  I'm fairly stumped as to what this might be..  According to the 
   > port number database (http://www.sockets.com/services.htm) 1024 is 
   > reserved.
   > 
   > Any thought as to what's listening to this port?  

   try: lsof | grep 1024
   on my machine it returns a line like:
   xdm         214     root    5u  inet   0xf17bbc00        0t0        TCP *:1024

   so it looks like the process is xdm....

   ttyl..

Interesting. On my machine (2.2.1) I have the following bits:

bash$ sudo lsof | grep UDP
[skip...]
inetd       139     root   18u  inet   0xf1a77b00        0t0        UDP *:1024
inetd       139     root   19u  inet   0xf1a77a80        0t0        UDP *:blackjack
[skip...]

blackjack is 1025. Since neither of these is in inetd.conf, i wonder
whazzup?

-mark