From owner-freebsd-security Tue Mar 19 7:10:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from jhs.muc.de (jhs.muc.de [193.149.49.84]) by hub.freebsd.org (Postfix) with ESMTP id 5924337B416 for ; Tue, 19 Mar 2002 07:10:10 -0800 (PST) Received: (from jhs@localhost) by jhs.muc.de (8.11.0/8.11.0) id g2JFBbG55810; Tue, 19 Mar 2002 15:11:37 GMT (envelope-from jhs) Date: Tue, 19 Mar 2002 15:11:37 GMT Message-Id: <200203191511.g2JFBbG55810@jhs.muc.de> To: freebsd-security@freebsd.org Subject: ports 1021 1022 1023 & 587 ? From: "Julian Stacey" Reply-To: "Julian Stacey" Organization: Vector Systems Ltd - Munich Unix & Internet consultancy X-Web: http://bim.bsn.com/~jhs/ http://bsd.bsn.com/~jhs/ Fcc: sent-mail Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On a 4.5-RELEASE firewall ports 1021 1022 1023 are shown open by /usr/ports/security/portscanner, but not listed in /etc/services. Are they daemons doing auto decrement allocation from 1024 ? ( I'm using ipfw firewall, not using diverts (yet), not using X server, am using various other daemons inc. nfs amd lpd timed whod etc) Should I block some 1023 port range with ipfw on non {localhost & local ethernet} interfaces ? What range ? submission=587 is also open. Could someone please remind me the name of a command to back trace the port to whatever's opened it ? Would it be a good idea to add a commented hint at entry 1023 of /etc/services ? Julian Stacey Munich Unix (FreeBSD, Linux etc) Independent Consultant jhs@bim.bsn.com Free software: http://bim.bsn.com/~jhs/free/ Ihr Rauchen = mein allergischer Kopfschmerz ! Schnupftabak probieren ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message