From owner-freebsd-security Thu Mar 8 13:51:39 2001 Delivered-To: freebsd-security@freebsd.org Received: from nu.binary.net (nu.binary.net [216.229.0.6]) by hub.freebsd.org (Postfix) with ESMTP id 1828F37B71A for ; Thu, 8 Mar 2001 13:51:35 -0800 (PST) (envelope-from nathan@binary.net) Received: from matrix.binary.net (postfix@matrix.binary.net [216.229.0.2]) by nu.binary.net (8.11.2/8.9.0) with ESMTP id f28Lu8i79424; Thu, 8 Mar 2001 15:56:08 -0600 (CST) Received: by matrix.binary.net (Postfix, from userid 1007) id 672A98348A; Thu, 8 Mar 2001 15:51:30 -0600 (CST) Date: Thu, 8 Mar 2001 16:51:29 -0500 From: Nathan Dorfman To: cjclark@alum.mit.edu Cc: Mike Silbersack , "Giovanni P. Tirloni" , freebsd-security@FreeBSD.ORG Subject: Re: 31337 Message-ID: <20010308165129.A4252@rtfm.net> References: <20010306001859.B1367@cjc-desktop.users.reflexcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95i In-Reply-To: <20010306001859.B1367@cjc-desktop.users.reflexcom.com>; from Crist J. Clark on Tue, Mar 06, 2001 at 12:18:59AM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > It is _rarely_ going to be opening TCP sockets and when it does, it > will be the one initiating them so they will not appear open to a > connect() scan. The odds of it happening with two unrelated connections are probably one in a gazillion, but you can apparently connect to the ephemeral port assigned to a connect() caller: nathan@matrix:~% telnet localhost 1265 Trying 127.0.0.1... Connected to localhost.binary.net. Escape character is '^]'. ^] telnet> ^Z Suspended nathan@matrix:~% sockstat | grep 1265 nathan telnet 7273 3 tcp 127.0.0.1.1265 127.0.0.1.1265 nathan@matrix:~% > -- > Crist J. Clark cjclark@alum.mit.edu -- Nathan Dorfman [http://www.rtfm.net] "The light at the end of the tunnel is the headlight of an approaching train." --/usr/games/fortune To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message