Firewall Wizards mailing list archives

Re: Port Cheat Sheet


From: Derek Vadala <derek () usfca edu>
Date: Mon, 24 May 1999 15:06:33 -0700 (PDT)

On Mon, 24 May 1999, Joseph S D Yao wrote:

Seriously, the first place I always look is /etc/services on some J Q
Random Unix [or derivative] system.  The DEC one used to be very good.
The Linux one seems to be good; probably *BSDs' are, as well.  Some
companies seem to trim it a bit to mostly include the Well Known ports
and their proprietary ports, though ...


/etc/services is not usually that helpful if you're sitting on a network
and watching traffic run by in an attempt to track down a problem or
intrusion. It would be helpful, for example, to be able to figure out
what could be potentially passing traffic on given ports. Let's say I
witness a ton of traffic being passed on port 35767. Well, it would be
helpful to know that XXXX application or trojan horse uses that port in a
default configuration. I don't think that you want to have that kind of
information sitting around in /etc/services, but it would be helpful if
security thugs and administrators around the world had a place to tagline
ports and say things like "Hey. I've noticed XXXX trend recently."


+++ath 
Derek Vadala, derek () usfca edu, http://www.cynicism.com/~derek



