Re: What services are using these ports?

To: debian-user@lists.debian.org
Subject: Re: What services are using these ports?
From: Tom Cook <tom.cook@adelaide.edu.au>
Date: Wed, 16 Oct 2002 15:00:58 +0930
Message-id: <[🔎] 20021016053058.GD17003@pinky.its.adelaide.edu.au>
Mail-followup-to: Tom Cook <tom.cook@adelaide.edu.au>, debian-user@lists.debian.org
In-reply-to: <[🔎] 3DACD9FA.9914494A@inetone.net>
References: <[🔎] 3DACD9FA.9914494A@inetone.net>

On  0, Marc Shapiro <mshapiro@inetone.net> wrote:
[snip]
> 	Port	Service			Comments
> 	   9	discard			What is this?

See http://www.sockets.com/rfc863.txt - your machine allows
connections on this port and throws any data sent to it to /dev/null.

> 	  13	daytime			What is this?

Try 'telnet localhost 13'.  It tells you the day and the time and
closes the connection.  Probably not exploitable...

> 	  21	ftp			OK

Not really OK.  I'd disable this and use scp instead.  FTP puts your
passwords on the network in plaintext.

> 	  22	unassigned		Is this talkd?

This is ssh.  Leave it there, it is a Good Thing.

> 	  23	telnet			OK

Not really OK.  It puts your passwords on the network in plaintext.
I'd disable it and use ssh (which also provides scp).

> 	  25	smtp			I dont have smtpd running and do
> 					not plan to set up a mail server.
> 					Is this exim listening here?

Probably exim.  Someone else suggested a way to make exim only listen
on the local interface.  I would add that it is worth not uninstalling
exim, since some user agents (such as mutt) need it to transport
out-going mail.

> 	  37	time			This should stay?

Try 'telnet localhost 37'.  This spits the current date and time, as
the numbers of seconds since 00:00 01/01/1900 GMT, as a 32-bit
number.  Probably not exploitable.

> 	  79	finger			This is gone, already.
> 	 111	sun RPC			portmapper?  Do I need this?

Only if you're using NFS or NIS.

> 	 113	authentication		What is this?

See http://www.faqs.org/rfcs/rfc912.html.  Try this:

$ telnet localhost
Username: <yourusername>
Password: <yourpassword>

$ netstat -a | grep localhost | grep ESTABLISHED
<pick out the one that's your telnet connection you just established,
and note the port numbers>
$ telnet localhost 113
3925,6000                              <- You type this
3925 , 6000 : USERID : UNIX :tkcook    <- Server response
^]
telnet> quit
$

You may have legitimate security concerns about this;  it will tell
you which user owns a connection without itself authenticating.

Google is your friend!  I found all the info above with a google
search for, eg, 'authentication port 113' (although I had to go to the
second page of hits for that one).  All of these protocols are defined
in RFCs.

Tom
-- 
Tom Cook
Information Technology Services, The University of Adelaide

Do not meddle in the affairs of dragons, for you are crunchy, and taste good with ketchup.

Get my GPG public key: https://pinky.its.adelaide.edu.au/~tkcook/tom.cook-at-adelaide.edu.au

Attachment: pgpRrU_0crslx.pgp
Description: PGP signature

Reply to:

References:
- What services are using these ports?
  - From: Marc Shapiro <mshapiro@inetone.net>

Prev by Date: Re: gdm, log in as root? - solution and new questions
Next by Date: Re: gdm, log in as root? - solution and new questions
Previous by thread: Re: What services are using these ports?
Next by thread: Re: What services are using these ports?
Index(es):
- Date
- Thread