Security Incidents mailing list archives
Re: port 768
From: gyst () NFG NL (Guido A.J. Stevens)
Date: Fri, 28 Jan 2000 21:14:51 +0100
Jose Nazario <jose () biocserver BIOC CWRU Edu> writes:
lemme share my port-numbers file with you. i snarfed this from packetstorm, i seem to recall. obviously it has some limitations, ie linuxconf on port 98 is not listed (but more common than what is listed), but you get the idea. it doesn't contain trojans, though, just services.
Well, yes, but I already studied this file, and others, and didn't find port 768 listed. I went through the RTFM routine all right. I may be a tad simplistic here, but my reasoning is: this is my computer, it should be able to tell me what it is doing. It is all right to grep external documentation for exotic ports that people are probing on my machine; as long as my machine doesn't listen to that port anyway that is a nice way of finding out what services people think /might/ be running. But here I got probed on a port on which some service was actually listening. And I need to rely on some helpful stranger to teach me that this was actually rpc.mountd happening. This just seems far too fuzzy a way to find out what is going on on my machine. The machine is deterministic. It should be able to tell me exactly what it is doing. Surely there's a *command* to find this out? (We're talking Linux here, BTW.) Sorry if I'm missing something obvious, I know there's a lot I don't know, that I should know. That's why I'm asking... :*CU# -- *** Guido A.J. Stevens *** mailto:gyst () nfg nl *** *** Net Facilities Group *** tel:+31.43.3618933 *** *** http://www.nfg.nl *** fax:+31.43.3560502 *** Around the world there are networks of spy stations and spy satellites which can intercept communications anywhere on the planet. [Hager, ISBN 0-908802-35-8, p.56]
Current thread:
- Re: port 768 Guido A.J. Stevens (Jan 28)
- Re: port 768 Richard Johnson (Jan 28)
- Re: port 768 Dave Dittrich (Jan 28)
- Re: port 768 Robert Graham (Jan 28)
- First china, now russia? Joseph Geyer (Jan 30)
- Re: port 768 Eric Preston (Jan 30)
- <Possible follow-ups>
- Re: port 768 Guido A.J. Stevens (Jan 28)