Moinak:

I suspect many of these ports are related to how ORBit2 is set up on your system. You probably have an /etc/orbitrc file with these lines:

ORBIIOPIPv4=1
ORBLocalOnly=1

This turns on IPv4 mode, so the ports are open, but turns on LocalOnly mode so that any connection requests from non-local machines are rejected. This is turned on by default so that Java programs work with accessibility by default. Unfortunately Java doesn't support using a sockets connection for local-only ORBit requests (the technique used by GTK+ programs), and it only supports using connections over IP.

If you don't use accessibility, then you can remove your /etc/orbitrc file and the ports should go away. For users who want to tighten security and who don't use Java accessibility, this might be a good option.

Brian

> Just out of curiosity I ran this on my home PC while logged into JDS:
>
> netstat -an | grep LISTEN
>
> and was greeted with output that contained the following snippet:
>
> ...
> *.64093 *.* 0 0 49152 0 LISTEN
> *.33972 *.* 0 0 49152 0 LISTEN
> *.56981 *.* 0 0 49152 0 LISTEN
> *.49856 *.* 0 0 49152 0 LISTEN
> *.39114 *.* 0 0 49152 0 LISTEN
> *.54098 *.* 0 0 49152 0 LISTEN
> *.36067 *.* 0 0 49152 0 LISTEN
> *.53776 *.* 0 0 49152 0 LISTEN
> *.58907 *.* 0 0 49152 0 LISTEN
> *.33261 *.* 0 0 49152 0 LISTEN
> *.36926 *.* 0 0 49152 0 LISTEN
> *.55694 *.* 0 0 49152 0 LISTEN
> *.53715 *.* 0 0 49152 0 LISTEN
> *.59572 *.* 0 0 49152 0 LISTEN
> *.62834 *.* 0 0 49152 0 LISTEN
> *.52235 *.* 0 0 49152 0 LISTEN
> *.61644 *.* 0 0 49152 0 LISTEN
> *.41538 *.* 0 0 49152 0 LISTEN
> ...
>
> Lotsa ephemeral open ports listening on all interfaces! After a little
> scripting around pfiles
> this is what I get:
>
> ...
> sockname: AF_INET 0.0.0.0 port: 64093
> moinakg 575 1 0 19:37:27 ? 0:01 /usr/lib/gconfd-2 13
> sockname: AF_INET 0.0.0.0 port: 36067
> moinakg 600 1 0 19:37:30 ? 0:01 gnome-panel
> --sm-client-id default1
> sockname: AF_INET 0.0.0.0 port: 54098
> moinakg 597 1 1 19:37:29 ? 0:05 /usr/bin/metacity
> --sm-client-id=default0
> sockname: AF_INET 0.0.0.0 port: 39114
> moinakg 589 1 0 19:37:28 ? 0:00
> /usr/lib/gnome-settings-daemon
> sockname: AF_INET 0.0.0.0 port: 53776
> moinakg 602 1 0 19:37:30 ? 0:01 nautilus
> --no-default-window --sm-client-id default2
> sockname: AF_INET 0.0.0.0 port: 36926
> moinakg 604 1 0 19:37:30 ? 0:00
> /usr/lib/bonobo-activation-server --ac-activate --ior-output-fd=19
> sockname: AF_INET 0.0.0.0 port: 55694
> moinakg 615 1 0 19:37:32 ? 0:04 /usr/lib/wnck-applet
> --oaf-activate-iid=OAFIID:GNOME_Wncklet_Factory --oaf-ior-
> sockname: AF_INET 0.0.0.0 port: 33261
> moinakg 611 1 0 19:37:30 ? 0:00
> /usr/lib/gnome-volume-manager --sm-disable
> sockname: AF_INET 0.0.0.0 port: 58907
> moinakg 610 1 0 19:37:30 ? 0:00 /usr/lib/gnome-vfs-daemon
> sockname: AF_INET 0.0.0.0 port: 62834
> moinakg 625 1 0 19:37:32 ? 0:00 /usr/lib/trashapplet
> --oaf-activate-iid=OAFIID:GNOME_Panel_TrashApplet_Factory
> sockname: AF_INET 0.0.0.0 port: 52235
> sockname: AF_INET 0.0.0.0 port: 0
> moinakg 617 1 0 19:37:32 ? 0:03
> /usr/lib/gnome-netstatus-applet
> --oaf-activate-iid=OAFIID:GNOME_NetstatusApplet
> sockname: AF_INET 0.0.0.0 port: 61644
> moinakg 619 1 0 19:37:32 ? 0:03 /usr/lib/mixer_applet2
> --oaf-activate-iid=OAFIID:GNOME_MixerApplet_Factory --oa
> sockname: AF_INET 0.0.0.0 port: 53715
> moinakg 621 1 0 19:37:32 ? 0:01 /usr/lib/clock-applet
> --oaf-activate-iid=OAFIID:GNOME_ClockApplet_Factory --oaf
> sockname: AF_INET 0.0.0.0 port: 59572
> moinakg 623 1 0 19:37:32 ? 0:00
> /usr/lib/notification-area-applet
> --oaf-activate-iid=OAFIID:GNOME_NotificationA
> ...
>
> All the GNOME applets are listening on open ports. I wonder what could
> be the purpose.
> But this appears to undermine the Secure By Default requirement of not
> listening by default
> on the external interface.
>
> Regards,
> Moinak.
>
> _______________________________________________
> desktop-discuss mailing list
> desktop-discuss at opensolaris.org
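
An added example, not part of either message above: a small sh/awk audit covering the three things the thread discusses, the netstat listing, the pfiles-to-process mapping, and the two /etc/orbitrc settings. The function names, the status strings and the sample data are assumptions made for illustration; the input layouts are the ones shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread); the sample data is constructed.

# Ports of TCP listeners bound to every interface, read from Solaris-style
# `netstat -an` output on stdin (local address first, state last).
wildcard_listeners() {
    awk '$NF == "LISTEN" && $1 ~ /^(\*|0\.0\.0\.0)\.[0-9]+$/ {
        n = split($1, part, "."); print part[n]
    }' | sort -n
}

# "port pid command" for input laid out as in the quoted message: one or more
# "sockname: AF_INET <addr> port: <n>" lines, then the owner's ps -ef line.
# Port 0 (unbound socket) is skipped; a mail-wrapped ps line has lost its
# command field and is reported with the placeholder "(wrapped)".
port_owners() {
    awk '/^[ \t]*sockname: AF_INET / { if ($NF != 0) ports[++np] = $NF; next }
         NF >= 7 && $2 ~ /^[0-9]+$/ {
             cmd = (NF >= 8) ? $8 : "(wrapped)"
             for (i = 1; i <= np; i++) print ports[i], $2, cmd
             np = 0
         }'
}

# Classify an orbitrc file by the two settings named in the reply.
orbitrc_mode() {
    [ -r "$1" ] || { echo "no-orbitrc"; return 0; }
    if ! grep -q '^ORBIIOPIPv4=1[[:space:]]*$' "$1"; then echo "ipv4-off"
    elif grep -q '^ORBLocalOnly=1[[:space:]]*$' "$1"; then echo "ipv4-local-only"
    else echo "ipv4-not-local-only"; fi
}

sample_netstat='      *.64093    *.*    0  0 49152  0 LISTEN
127.0.0.1.5987   *.*    0  0 49152  0 LISTEN
      *.36067    *.*    0  0 49152  0 LISTEN'
sample_owners='sockname: AF_INET 0.0.0.0  port: 64093
alice 575 1 0 19:37:27 ? 0:01 /usr/lib/gconfd-2 13
sockname: AF_INET 0.0.0.0  port: 36067
sockname: AF_INET 0.0.0.0  port: 0
alice 600 1 0 19:37:30 ? 0:01 gnome-panel --sm-client-id default1
sockname: AF_INET 0.0.0.0  port: 39114
alice 589 1 0 19:37:28 ? 0:00
/usr/lib/gnome-settings-daemon'

printf '%s\n' "$sample_netstat" | wildcard_listeners
printf '%s\n' "$sample_owners" | port_owners
orbitrc_mode /etc/orbitrc
```

On a live system, feed `netstat -an` to `wildcard_listeners` and rerun after changing /etc/orbitrc and logging back in to confirm the listener set has changed.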
