Mailinglist Archive: opensuse (3637 mails)

Re: [SLE] ports
On Wed, 23 May 2001, S.Toms wrote:
> The other ones I see is 11, and
> occasionally 69

in firewall_forensics
Version 0.4.1, June 20, 2000
http://www.robertgraham.com/pubs/firewall-seen.html

Copyright 1998-2000 by Robert Graham
(firewall-seen@xxxxxxxxxxxxxxxxx)
_____________________________________________

11
sysstat
This is a UNIX service that will list all the running
processes on a machine and who started them. This gives
an intruder a huge amount of information that might be
used to compromise the machine, such as indicating
programs with known vulnerabilities or user accounts. It
is similar to the contents that can be displayed with the
UNIX "ps" command. ICMP doesn't have ports; if you see
something that says "ICMP port 11", you probably want ICMP
type=11.


69 TFTP
(over UDP). Many servers support this protocol in
conjunction with BOOTP in order to download boot code
to the system. However, they are frequently
misconfigured to provide any file from the system, such
as password files. They can also be used to write files to
the system.

111
sunrpc
portmap
rpcbind
Sun RPC PortMapper/RPCBIND. Access to portmapper
is the first step in scanning a system looking for all the
RPC services enabled, such as rpc.mountd, NFS,
rpc.statd, rpc.csmd, rpc.ttybd, amd, etc. If the intruder
finds the appropriate service enabled, s/he will then run
an exploit against the port where the service is running.

Note that by putting a logging daemon, IDS, or sniffer on
the wire, you can find out what programs the intruder is
attempting to access in order to figure out exactly what is
going on.
____________________________
Where to get a more complete list of port info:
ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers
"Assigned Numbers" RFC, the official source for port
assignments.
http://advice.networkice.com/advice/Exploits/Ports/
Database of port numbers, hyper-linked to various exploits on
those port numbers.
__________________________________

best wishes

--
____________
sent on Linux
___________
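
Added example, not part of the original message or of the quoted document: a small triage script that labels firewall log hits on the three ports discussed above and treats an ICMP "11" as a type rather than a port. The simplified netfilter-style `KEY=value` log fields and the sample lines are assumptions constructed for illustration.

```python
import re

# Notes from the message above, keyed by (protocol, destination port).
RPC = "portmapper: first step in enumerating RPC services"
NOTES = {
    ("TCP", 11): "sysstat: lists running processes and who started them",
    ("UDP", 69): "TFTP: often misconfigured to read or write any file",
    ("TCP", 111): RPC,
    ("UDP", 111): RPC,
}
FIELD = re.compile(r"(\w+)=(\S+)")

def classify(line):
    """Return (source, label) for one log line, or None if not of interest."""
    f = dict(FIELD.findall(line))
    src, proto = f.get("SRC"), f.get("PROTO", "").upper()
    if not src:
        return None
    if proto == "ICMP":
        # ICMP has no ports: an "11" here is a type, not the sysstat port.
        return src, f"ICMP type {f.get('TYPE', '?')} (not a port)"
    dpt = f.get("DPT", "")
    note = NOTES.get((proto, int(dpt))) if dpt.isdecimal() else None
    return (src, f"{proto}/{dpt} {note}") if note else None

def summarize(lines):
    """Group distinct labels by source address, in first-seen order."""
    seen = {}
    for line in lines:
        hit = classify(line)
        if hit and hit[1] not in seen.setdefault(hit[0], []):
            seen[hit[0]].append(hit[1])
    return seen

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE = [
    "IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40112 DPT=11",
    "IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=40113 DPT=69",
    "IN=eth0 SRC=192.0.2.77 DST=198.51.100.5 PROTO=ICMP TYPE=11 CODE=0",
    "IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40114 DPT=111",
    "IN=eth0 SRC=192.0.2.33 DST=198.51.100.5 PROTO=TCP SPT=40115 DPT=69",
]

if __name__ == "__main__":
    for src, labels in summarize(SAMPLE).items():
        print(src, labels)
```

The last sample line is ignored because the message describes TFTP as running over UDP, so a TCP hit on port 69 is not labelled as TFTP.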

