Mailinglist Archive: opensuse (3637 mails)

Re: [SLE] ports
On Wed, 23 May 2001, S.Toms wrote:
> The other ones I see are 11, and
> occasionally 69

in firewall_forensics
Version 0.4.1, June 20, 2000

Copyright 1998-2000 by Robert Graham

This is a UNIX service that will list all the running
processes on a machine and who started them. This gives
an intruder a huge amount of information that might be
used to compromise the machine, such as indicating
programs with known vulnerabilities or user accounts. It
is similar to the contents that can be displayed with the
UNIX "ps" command. ICMP doesn't have ports; if you see
something that says "ICMP port 11", you probably want ICMP

(over UDP). Many servers support this protocol in
conjunction with BOOTP in order to download boot code
to the system. However, they are frequently
misconfigured to provide any file from the system, such
as password files. They can also be used to write files to
the system.

Sun RPC PortMapper/RPCBIND. Access to portmapper
is the first step in scanning a system looking for all the
RPC services enabled, such as rpc.mountd, NFS,
rpc.statd, rpc.csmd, rpc.ttybd, amd, etc. If the intruder
finds the appropriate service enabled, s/he will then run
an exploit against the port where the service is running.

Note that by putting a logging daemon, IDS, or sniffer on
the wire, you can find out what programs the intruder is
attempting to access in order to figure out exactly what is
going on.
Where to get a more complete list of port info:
"Assigned Numbers" RFC, the official source for port
Database of port numbers, hyper-linked to various exploits on
those port numbers.

best wishes

sent on Linux
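
One way to do the log review this message recommends, as an added example that is not part of the original mail or the quoted FAQ. It assumes firewall lines in the Linux netfilter LOG style (SRC=, PROTO=, DPT=, TYPE= fields) and uses constructed sample data; it labels hits on the ports discussed in this thread and keeps an ICMP type 11 message from being counted as traffic to port 11 or to a port quoted inside it.

```python
import re
from collections import Counter

# Service names for the ports this thread discusses (IANA assignments).
SERVICES = {("TCP", 11): "systat", ("UDP", 69): "tftp",
            ("TCP", 111): "sunrpc", ("UDP", 111): "sunrpc"}
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def classify(line):
    """Return (source, label) for one firewall log line, or None."""
    fields = {}
    for key, value in FIELD.findall(line):
        # Keep the first occurrence: ICMP errors quote the offending packet
        # in [...] and its SRC/PROTO/DPT must not override the outer header.
        fields.setdefault(key, value)
    proto, src = fields.get("PROTO"), fields.get("SRC")
    if not proto or not src:
        return None
    if proto == "ICMP":
        # ICMP has types, not ports; type 11 is Time Exceeded.
        icmp_type = fields.get("TYPE", "")
        if not icmp_type.isdigit():
            return None
        note = " (time exceeded)" if icmp_type == "11" else ""
        return src, f"icmp type {icmp_type}{note}"
    dpt = fields.get("DPT", "")
    if not dpt.isdigit():
        return None
    return src, SERVICES.get((proto, int(dpt)), f"{proto.lower()}/{dpt}")

def summarize(lines):
    """Count hits per (source, label); unparseable lines are skipped."""
    return Counter(hit for hit in map(classify, lines) if hit)

# Constructed sample lines (documentation address ranges, fields trimmed).
SAMPLE = [
    "May 23 10:01:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 "
    "DST=198.51.100.5 PROTO=TCP SPT=40112 DPT=11 SYN",
    "May 23 10:01:03 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 "
    "DST=198.51.100.5 PROTO=UDP SPT=40113 DPT=69 LEN=28",
    "May 23 10:01:04 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 "
    "DST=198.51.100.5 PROTO=ICMP TYPE=11 CODE=0 "
    "[SRC=198.51.100.5 DST=192.0.2.99 PROTO=UDP SPT=33000 DPT=69 LEN=28 ]",
    "May 23 10:01:05 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 "
    "DST=198.51.100.5 PROTO=TCP SPT=40114 DPT=111 SYN",
    "May 23 10:01:06 gw sshd[311]: session opened for user root",
]

if __name__ == "__main__":
    for (src, label), n in sorted(summarize(SAMPLE).items()):
        print(f"{src:15} {label:28} {n}")
```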
