Re: portscan: sunrpc etc...
On Thu, 23 Sep 1999, Lev Lvovsky wrote:

> upon running portscan on my computer from a nonlocal host, I get the
> following:
>
> 9 -> discard
> 13 -> daytime
> 21 -> ftp
> 22 -> ssh
> 23 -> telnet
> 25 -> smtp
> 37 -> time
> 79 -> finger
> 80 -> www
> 110 -> pop-3
> 111 -> sunrpc
> 113 -> auth
>
> as I use pretty much all of the "standard" daemons, I don't know what
> 'discard', 'daytime', 'time', 'sunrpc', and 'auth' are...if anyone can
> suggest ways for turning these off, I'd appreciate it (inetd.conf doesn't
> have anything that I've not checked as far as I know). I especially
> need help with sunrpc, as it's nowhere to be found in rc*...

discard does just what it says, it discards all packets you send to it. Sometimes useful for debugging, but a potential security risk (there are Denial of Service attacks that use it), so disabling it is recommended (it is in /etc/inetd.conf).

daytime and time are services that provide a simple time service (try telnet localhost time or telnet localhost daytime). Time gives the time in binary form. On a public network, they may be a security risk (very small one, knowledge of the system time gives a cracker a small advantage in its attempts to crack encryption protocols), so if you don't need them, you can disable them.

Sunrpc is the port the portmapper process listens to. Portmapper is a daemon used for RPC-based communication, like NFS. If you want to use NFS or other RPC-based protocols, you need portmapper. Try the command rpcinfo -p to see a list of registered RPC programs on your system and the ports they use.

auth stands for the ident service, which is a service that can be used by remote systems to ask root of the local system (who runs the identd) which user is using a given network connection from your system (for authentication, often used by mailservers). Its effect on security is a bit controversial, but I believe it's useful enough to leave it enabled.

All these services are started by inetd, thus they can be disabled or enabled in /etc/inetd.conf.

> also, can someone give me a straight answer on how to restart initd? I've
> heard 'kill -HUP inetd', but it gives me an error of not being able to
> find it...I just kill it by pid, and restart it manually (type 'inetd').

kill needs a process ID (a number) to work with. You could use pstree -p or ps aux to find the process ID. But because there usually only is one inetd running at the same time, you could use the command killall. Killall kills all processes having the given name, so with killall -HUP inetd 'all' inetd processes are restarted. You could also use the reload command for /etc/init.d/netbase (or /etc/init.d/inetd if you are running potato) to reload inetd.

Tot ziens,
Bart-Jan
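The procedure discussed in this thread (see which inetd-started services are enabled, comment the unwanted ones out of the configuration file, then signal inetd), as an added example that is not part of any poster's message. The function names and the sample inetd.conf contents are constructed for illustration; the script works on a temporary copy, not on /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: list and disable inetd-started services in an inetd.conf.
# Function names and the sample file below are constructed for illustration.

# Print "service/protocol" for every active (uncommented) entry.
list_active() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# Comment out every active entry whose service name is listed after the
# file name. Prints the number of entries that were disabled.
disable_services() {
    _conf=$1; shift
    _tmp="$_conf.new.$$"
    awk -v names="$*" -v out="$_tmp" '
        BEGIN { printf "" > out
                n = split(names, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        !/^[ \t]*#/ && ($1 in off) { print "#" $0 > out; count++; next }
        { print > out }
        END { print count + 0 }
    ' "$_conf" && mv "$_tmp" "$_conf"
}

# Constructed sample in inetd.conf format:
# service  socket  proto  wait-flag  user  server  [args]
sample=$(mktemp)
cat > "$sample" <<'EOF'
discard  stream  tcp  nowait  root  internal
discard  dgram   udp  wait    root  internal
daytime  stream  tcp  nowait  root  internal
time     stream  tcp  nowait  root  internal
#echo    stream  tcp  nowait  root  internal
telnet   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.telnetd
EOF

echo "Active before:"; list_active "$sample"
echo "Disabled: $(disable_services "$sample" discard daytime time)"
echo "Active after:"; list_active "$sample"
rm -f "$sample"

# On the real /etc/inetd.conf (as root, after taking a backup), make inetd
# re-read its configuration with a HUP to its PID, as the thread describes:
#   kill -HUP <pid of inetd>
```

Both the tcp and udp entries of a service are commented out, and entries that were already disabled are not counted again.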
Re: portscan: sunrpc etc...
On Thu, 23 Sep 1999, Lev Lvovsky wrote:

> upon running portscan on my computer from a nonlocal host, I get the
> following:
> [[[ list snipped for space]]]
>
> as I use pretty much all of the "standard" daemons, I don't know what
> 'discard', 'daytime', 'time', 'sunrpc', and 'auth' are...if anyone
> can suggest ways for turning these off, I'd appreciate it (inetd.conf
> doesn't have anything that I've not checked as far as I know). I
> especially need help with sunrpc, as it's nowhere to be found in
> rc*...

As has been posted, "discard" is the tcp equivalent of /dev/null. echo repeats whatever you send to it. Daytime gives you the time in ASCII format. Time somehow returns the time in a binary format, I forget exactly how it works. chargen outputs ASCII characters, 72 per line, in order, each line starting one character later in the sequence.

> also, can someone give me a straight answer on how to restart initd? I've
> heard 'kill -HUP inetd', but it gives me an error of not being able to
> find it...I just kill it by pid, and restart it manually (type 'inetd').

Usually I use /etc/init.d/inetd restart

--
finger for PGP public key.
Re: portscan: sunrpc etc...
Just a quick warning -- killall functions quite nicely under Linux. But, don't try it under other versions of Unix as superuser, since it often does kill *all*.

As for the services... discard throws away everything that hits it -- /dev/null ported to tcp/ip sockets. :) daytime tells the date and time (Thu Sep 23 12:42:13 1999). Time I don't know exactly how it works, I get one of the French quotes when I try to telnet to that port on my machine, and auth is identd -- used sometimes for irc, printing, email, that sort of stuff, though many people disable it, and there are many ways under Windows to replace it entirely with bogus info without requiring administrator access -- so most people don't trust it. (and don't you hate 'inetd' 'init' and 'identd' ??)

And, of course, for sunrpc, I haven't a clue how to remove it, though look into "portmap" etc.. :)

On Thu, Sep 23, 1999 at 04:35:35AM -0700, Lev Lvovsky wrote:
>
> hello,
>
> upon running portscan on my computer from a nonlocal host, I get the
> following:
>
> 9 -> discard
> 13 -> daytime
> 21 -> ftp
> 22 -> ssh
> 23 -> telnet
> 25 -> smtp
> 37 -> time
> 79 -> finger
> 80 -> www
> 110 -> pop-3
> 111 -> sunrpc
> 113 -> auth
>
> as I use pretty much all of the "standard" daemons, I don't know what
> 'discard', 'daytime', 'time', 'sunrpc', and 'auth' are...if anyone can
> suggest ways for turning these off, I'd appreciate it (inetd.conf doesn't
> have anything that I've not checked as far as I know). I especially
> need help with sunrpc, as it's nowhere to be found in rc*...
>
> also, can someone give me a straight answer on how to restart initd? I've
> heard 'kill -HUP inetd', but it gives me an error of not being able to
> find it...I just kill it by pid, and restart it manually (type 'inetd').
>
> thanks
> -lev
>
>
> //sig:
> //Social graces are the packet headers of everyday life
>
>
> --
> Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null

--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
RE: portscan: sunrpc etc...
Just a quick note, you may also try:

killall -HUP inetd

instead of 'kill -HUP inetd'

That works just as well :P

- Ryan

/* Ryan McLean
 * Network/Systems Administrator
 * Honesty.com
 * http://www.honesty.com
 */

-----Original Message-----
From: Jean-Yves BARBIER [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 23, 1999 1:58 PM
To: debian-user@lists.debian.org
Subject: Re: portscan: sunrpc etc...

On Thu, Sep 23, 1999 at 04:35:35AM -0700, Lev Lvovsky wrote:
> do have anything that I've not checked as far as I know). I especially
> need help with sunrpc, as it's nowhere to be found in rc*...
^^ So do I ;->>
>
> also, can someone give me a straight answer on how to restart initd? I've
> heard 'kill -HUP inetd', but it gives me an error of not being able to
> find it...I just kill it by pid, and restart it manually (type 'inetd').

:) don't type 'inetd', type the inetd PID (make a 'ps aux', then watch the PID number, then type 'kill -HUP nnn', where nnn is the PID number).

> thanks

You're welcome!

> //Social graces are the packet headers of everyday life

I'd rather say: 'Social graces are the hypocrisy of our actual society', but I'm rather cynical (don't know if it's the right expression?)

JY

--
Jean-Yves Barbier <[EMAIL PROTECTED]>
The road to hell is paved with NAND gates. -- J. Gooding
Re: portscan: sunrpc etc...
On Thu, Sep 23, 1999 at 04:35:35AM -0700, Lev Lvovsky wrote:
> do have anything that I've not checked as far as I know). I especially
> need help with sunrpc, as it's nowhere to be found in rc*...
^^ So do I ;->>
>
> also, can someone give me a straight answer on how to restart initd? I've
> heard 'kill -HUP inetd', but it gives me an error of not being able to
> find it...I just kill it by pid, and restart it manually (type 'inetd').

:) don't type 'inetd', type the inetd PID (make a 'ps aux', then watch the PID number, then type 'kill -HUP nnn', where nnn is the PID number).

> thanks

You're welcome!

> //Social graces are the packet headers of everyday life

I'd rather say: 'Social graces are the hypocrisy of our actual society', but I'm rather cynical (don't know if it's the right expression?)

JY

--
Jean-Yves Barbier <[EMAIL PROTECTED]>
The road to hell is paved with NAND gates. -- J. Gooding
portscan: sunrpc etc...
hello,

upon running portscan on my computer from a nonlocal host, I get the following:

9 -> discard
13 -> daytime
21 -> ftp
22 -> ssh
23 -> telnet
25 -> smtp
37 -> time
79 -> finger
80 -> www
110 -> pop-3
111 -> sunrpc
113 -> auth

as I use pretty much all of the "standard" daemons, I don't know what 'discard', 'daytime', 'time', 'sunrpc', and 'auth' are...if anyone can suggest ways for turning these off, I'd appreciate it (inetd.conf doesn't have anything that I've not checked as far as I know). I especially need help with sunrpc, as it's nowhere to be found in rc*...

also, can someone give me a straight answer on how to restart initd? I've heard 'kill -HUP inetd', but it gives me an error of not being able to find it...I just kill it by pid, and restart it manually (type 'inetd').

thanks
-lev

//sig:
//Social graces are the packet headers of everyday life