Date:      Wed, 30 Apr 1997 07:17:01 -0700
From:      John-Mark Gurney <jmg@hydrogen.nike.efn.org>
To:        mark thompson <thompson@squirrel.tgsoft.com>
Cc:        security@freefall.FreeBSD.ORG
Subject:   Re: What's on Port 1024?
Message-ID:  <19970430071701.18377@hydrogen.nike.efn.org>
In-Reply-To: <19970430131517.11350.qmail@tgsoft.com>; from mark thompson on Wed, Apr 30, 1997 at 01:15:17PM -0000
References:  <19970430131517.11350.qmail@tgsoft.com>

try to use my Reply-To instead of From...

mark thompson scribbled this message on Apr 30:
>    From: John-Mark Gurney <jmg@hydrogen.nike.efn.org>
>    Date: Fri, 25 Apr 1997 00:55:33 -0700
> 
>    joed@ksu.edu scribbled this message on Apr 24:
>    > I'm currently in the process of trying to lock down a FreeBSD workstation
>    > as a firewall, and noticed that my FreeBSD machine is listening to port 
>    > 1024.  I'm fairly stumped as to what this might be..  According to the 
>    > port number database (http://www.sockets.com/services.htm) 1024 is 
>    > reserved.
>    try: lsof | grep 1024
>    on my machine it returns a line like:
>    xdm         214     root    5u  inet   0xf17bbc00        0t0        TCP *:1024
> 
>    so it looks like the process is xdm....
> Interesting. On my machine (2.2.1) I have the following bits:
> 
> bash$ sudo lsof | grep UDP
> [skip...]
> inetd       139     root   18u  inet   0xf1a77b00        0t0        UDP *:1024
> inetd       139     root   19u  inet   0xf1a77a80        0t0        UDP *:blackjack
> [skip...]
> 
> blackjack is 1025. Since neither of these is in inetd.conf, i wonder
> whazzup?

hmm. run rpcinfo and see if they are bound to anything... they would
probably be responsible for it...  of course mine starts at 1040 though...

now for a couple puzzlers...  Apache 1.2b3, bash 1.14.7(1)...
httpd      4431   nobody    7u  inet   0xf17dfd80        0t0        UDP *:2027
bash      28573      jmg    4u  inet   0xf1ad0e80        0t0        UDP *:3745

I've verified that these ports are listening (via netstat) so it isn't lsof
misreading kernel structs...

-- 
  John-Mark
  Cu Networking                             Modem/FAX: +1 541 683 6954

  Live in Peace, destroy Micro$oft, support free software, run FreeBSD
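
The cross-check suggested in this reply (compare the listeners lsof reports with what is registered in rpcinfo), as an added example that is not part of the original message. The lsof lines are modelled on the ones quoted in the thread; the `rpcinfo -p` output, the `PORT_NAMES` table and all function names are constructed for illustration.

```python
import re

# Constructed sample data, modelled on the lsof lines quoted in this thread.
LSOF_SAMPLE = """\
inetd       139     root   18u  inet   0xf1a77b00        0t0        UDP *:1024
inetd       139     root   19u  inet   0xf1a77a80        0t0        UDP *:blackjack
httpd      4431   nobody    7u  inet   0xf17dfd80        0t0        UDP *:2027
xdm         214     root    5u  inet   0xf17bbc00        0t0        TCP *:1024
"""
# Constructed `rpcinfo -p` output (an assumption, not data from the thread).
RPCINFO_SAMPLE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100001    3   udp   1024  rstatd
    100002    2   udp   1025  rusersd
"""
# lsof prints a service name when one exists; the thread notes blackjack is 1025.
PORT_NAMES = {"blackjack": 1025}

def parse_lsof(text):
    """Yield (command, pid, proto, port) for each wildcard-bound inet socket."""
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+(\d+)\s+\S+\s+\S+\s+inet\s+\S+\s+\S+\s+(TCP|UDP)\s+\*:(\S+)", line)
        if not m:
            continue
        cmd, pid, proto, port = m.groups()
        port = int(port) if port.isdigit() else PORT_NAMES.get(port)
        if port is not None:
            yield cmd, int(pid), proto.lower(), port

def parse_rpcinfo(text):
    """Map (proto, port) -> RPC service name from `rpcinfo -p` output."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) >= 4 and f[3].isdigit():
            table[(f[2], int(f[3]))] = f[4] if len(f) > 4 else "program " + f[0]
    return table

def attribute(lsof_text, rpc_text):
    """Label each listener with its RPC registration, or None if unexplained."""
    rpc = parse_rpcinfo(rpc_text)
    return [(cmd, pid, proto, port, rpc.get((proto, port)))
            for cmd, pid, proto, port in parse_lsof(lsof_text)]

if __name__ == "__main__":
    for cmd, pid, proto, port, svc in attribute(LSOF_SAMPLE, RPCINFO_SAMPLE):
        print(f"{cmd}[{pid}] {proto}/{port}: {svc or 'no RPC registration, investigate'}")
```

Listeners that come back with no RPC registration, like the httpd socket in the sample, are the ones left to trace by other means. The match is keyed on protocol as well as port, so TCP 1024 and UDP 1024 are treated separately.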


