
Re: portscan: sunrpc etc...



On Thu, 23 Sep 1999, Lev Lvovsky wrote:

> upon running portscan on my computer from a nonlocal host, I get the
> following:
> 
> 9 -> discard
> 13 -> daytime
> 21 -> ftp
> 22 -> ssh
> 23 -> telnet
> 25 -> smtp
> 37 -> time
> 79 -> finger
> 80 -> www
> 110 -> pop-3
> 111 -> sunrpc
> 113 -> auth
> 
> as I use pretty much all of the "standard" daemons, I don't know what
> 'discard', 'daytime', 'time', 'sunrpc', and 'auth' are....if anyone can
> suggest ways for turning these off, I'd appreciate it (inetd.conf doesn't
> have anything that I've not checked as far as I know).  I especially
> need help with sunrpc, as it's nowhere to be found in rc*...

discard does just what it says, it discards all packets you send to it.
Sometimes useful for debugging, but a potential security risk (there are
Denial of Service attacks that use it), so disabling it is recommended (it
is in /etc/inetd.conf)

daytime and time are services that provide a simple time service (try
telnet localhost time or telnet localhost daytime). Time gives the time in
binary form. On a public network, they may be a security risk (very small
one, knowledge of the system time gives a cracker a small advantage in
its attempts to crack encryption protocols), so if you don't need them,
you can disable them.

Sunrpc is the port the portmapper process listens to. Portmapper is a
daemon used for rpc based communication, like NFS. If you want to use
NFS or other rpc based protocols, you need portmapper. Try the command
rpcinfo -p to see a list of registered rpc programs on your system and
the ports they use.

auth stands for the ident service, which is a service that can be used by
remote systems to ask root of the local system (who runs the identd) which
user is using a given network connection from your system (for
authentication, often used by mailservers). Its effect on security is a
bit controversial, but I believe it's useful enough to leave it enabled.

All these services are started by inetd, thus they can be disabled or
enabled in /etc/inetd.conf.
 
> also, can someone give me a straight answer on how to restart initd?  I've
> heard 'kill -HUP inetd', but it gives me an error of not being able to
> find it...I just kill it by pid, and restart it manually (type 'inetd').

kill needs a process ID (a number) to work with. You could use pstree -p
or ps aux to find the process ID. But because there usually only is one
inetd running at the same time, you could use the command killall. Killall
kills all processes having the given name, so with killall -HUP inetd
'all' inetd processes are restarted.
You could also use the reload command for /etc/init.d/netbase (or
/etc/init.d/inetd if you are running potato) to reload inetd.

Tot ziens,

Bart-Jan
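
The inetd.conf audit described in the reply above, as an added example that is not part of the original message: it lists the active entries in an inetd.conf-style file and writes a copy with chosen services commented out. The sample file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the classic inetd.conf layout:
# service  socket-type  protocol  wait/nowait  user  server  args
sample_inetd_conf() {
cat <<'EOF'
# /etc/inetd.conf (constructed sample, not from the original post)
discard   stream  tcp  nowait  root    internal
discard   dgram   udp  wait    root    internal
daytime   stream  tcp  nowait  root    internal
#echo     stream  tcp  nowait  root    internal
time      stream  tcp  nowait  root    internal
ftp       stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.ftpd
ident     stream  tcp  wait    identd  /usr/sbin/identd  identd
EOF
}

# Print "service/protocol" for every active (uncommented) entry in file $1.
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# Write file $1 to stdout with the entries for the named services commented
# out. Both the tcp and the udp line of a service are caught.
# Usage: disable_services FILE service [service ...]
disable_services() {
    conf=$1; shift
    awk -v list="$*" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in off) { print "#" $0; next }
        { print }
    ' "$conf"
}

# Demo on the constructed sample; nothing under /etc is touched.
tmp=$(mktemp) && sample_inetd_conf > "$tmp"
echo "active before:"; enabled_services "$tmp"
disable_services "$tmp" discard daytime time > "$tmp.new"
echo "active after:";  enabled_services "$tmp.new"
# On a real system: review the new file, install it as /etc/inetd.conf,
# then make inetd re-read it (killall -HUP inetd, as in the reply).
rm -f "$tmp" "$tmp.new"
```
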

