Date:      Thu, 17 May 2001 14:03:21 -0500
From:      Eric Anderson <anderson@centtech.com>
To:        Bill Mitcheson <turtle@pyramus.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: New info on our Port 1023 problem.
Message-ID:  <3B042079.AC957064@centtech.com>
References:  <Pine.BSF.4.21.0105171414450.12195-100000@mail.wlcg.com> <3B042085.39247322@pyramus.com>

It's typically pretty insecure.  If you aren't running NIS/YP on your
machines, you can get rid of it.  If you do need it, you should be
filtering it with ipfw or ipfilter.

Eric



Bill Mitcheson wrote:
> 
> I ran sockstat and came up with the following:
> 
> root     ypserv     117    5 tcp    *.1023                *.*
> 
> Ypserv was also running on a couple of other ports as UDP instead of TCP. Is
> this bad?
> 
> Rob Simmons wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: RIPEMD160
> >
> > Were you running any services on that port?  The command "sockstat" should
> > tell you if there is anything listening on that port.  If there is nothing
> > listening on the port, you don't have to worry about them poking at that
> > port.
> >
> > Robert Simmons
> > Systems Administrator
> > http://www.wlcg.com/
> >
> > On Thu, 17 May 2001, Bill Mitcheson wrote:
> >
> > > We noticed unauthorized activity yesterday. After investigating we found
> > > that there was someone coming in from Asia and they were trying to
> > > access port 1023. I could not find much info on that port and was
> > > wondering if anyone knows of that port, what common attacks to that port
> > > are,  and how to stop future attacks?
> > >
> > > Bill Mitcheson.
> > > Network Administrator,
> > > Pyramus Online.
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> > >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.5 (FreeBSD)
> > Comment: For info see http://www.gnupg.org
> >
> > iD8DBQE7BBXQv8Bofna59hYRAwgNAJ0WjqRSOsNgHibg59s7JJjPOovwAACeNExx
> > xntXYcmqMvzu6ER22/biI5I=
> > =WrEW
> > -----END PGP SIGNATURE-----
> 

-- 
-------------------------------------------------------------------------------
Eric Anderson    anderson@centtech.com    Centaur Technology    (512) 418-5792
The idea is to die young as late as possible.
-------------------------------------------------------------------------------
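
An added example, not part of the original thread or any poster's own code: because ypserv's ports are assigned when it starts, this sketch derives ipfw rules from sockstat output instead of hard-coding 1023. The trusted network, rule numbers, function names and the sample lines other than the one quoted in the thread are assumptions.

```shell
#!/bin/sh
# Added example: turn sockstat listener lines for ypserv into ipfw rules
# that admit only a trusted NIS client network and drop everything else.
# TRUSTED_NET and RULE_BASE are assumptions; set them for the site.
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"   # documentation range, constructed
RULE_BASE="${RULE_BASE:-1000}"

# Constructed sample input. The first line is the one quoted in the thread;
# the UDP and sshd lines are made up to exercise the parser.
sample_sockstat() {
    cat <<'EOF'
root     ypserv     117    5 tcp    *.1023                *.*
root     ypserv     117    4 udp    *.1021                *.*
root     ypserv     117    6 udp4   *:1021                *:*
root     sshd       201    3 tcp4   *:22                  *:*
EOF
}

# Reads sockstat output on stdin and prints ipfw commands on stdout.
# Accepts local addresses written as "*.1023" (as in the thread) or "*:1023".
ypserv_ipfw_rules() {
    awk -v net="$TRUSTED_NET" -v base="$RULE_BASE" '
        $2 == "ypserv" && $5 ~ /^(tcp|udp)/ {
            proto = $5; sub(/[46]+$/, "", proto)    # tcp4/udp6 -> tcp/udp
            port = $6;  sub(/^.*[.:]/, "", port)    # text after last . or :
            if (port !~ /^[0-9]+$/) next            # skip wildcard ports
            if (seen[proto "/" port]++) next        # one rule pair per socket
            printf "ipfw add %d allow %s from %s to me %s\n", base + n, proto, net, port
            printf "ipfw add %d deny log %s from any to me %s\n", base + n + 1, proto, port
            n += 2
        }'
}
```

On a live host the input would come from `sockstat -4 -l | ypserv_ipfw_rules`; review the printed commands before applying them.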
