Can we trace listening UDP/TCP ports to the underlying applications/programs?

From: Gold Sun (goldsun8@yahoo.com.sg)
Date: Thu Sep 15 2005 - 04:22:13 EDT


Hi,
 
I was notified during a vulnerability scan that there are ports that
are open on the Sun servers which I just 'inherited' not too long ago.
 
Issuing "netstat -an" showed the ports with "listen" state & I can
then search the port number under /etc/services, say "printer" &
then look up /etc/inetd.conf. I can then comment out (prefixing
with #) for the entry in inetd.conf & then restart inetd.
 
However, there are some ports which I can't trace in the above
manner.
 
# netstat -an
. . .
      *.3181 *.* 0 0 24576 0 LISTEN
      *.5600 *.* 0 0 24576 0 LISTEN
. . .
# grep 3181 /etc/services
# grep 5600 /etc/services

 
Will "netstat -anv" give any clue like pid of the daemon that's
listening on that port etc?? I do not have the documentation
from my predecessor who's left. If I can trace it to a specific
application name, say Tivoli Storage Manager, then I can
list it out & tell the auditor this is a required port or if it's some
dubious ones, possibly stop the application & see if it breaks
(if it does, then start it up again).

Sample "netstat -anv" output follows :
 
UDP: IPv4
Local Address Remote Address State
-------------------- -------------------- -------
. . .
10.196.16.12.123 Idle

TCP: IPv4
Local/Remote Address Swind Snext Suna Rwind Rnext Rack Rto Mss State
-------------------- ----- -------- -------- ----- -------- -------- ----- ----- -----
      *.3181
      *.* 0 00000000 00000000 24576 00000000 00000000 3375 536 LISTEN
      *.5600
      *.* 0 00000000 00000000 24576 00000000 00000000 3375 536 LISTEN

. . . . .
 
 
Thanks
 
 
 
 

                
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
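
Added example, not part of the original post: the manual lookup described in the message (LISTEN port from "netstat -an", then /etc/services, then inetd.conf), scripted so that ports with no /etc/services entry, such as 3181 and 5600, come out flagged as untraced. The function names and the sample files are constructed for this example, and only TCP entries in the services file are checked.

```shell
#!/bin/sh
# Classify TCP LISTEN ports from saved Solaris-style "netstat -an" output by
# following the post's steps: port -> services name -> active inetd.conf entry.

listen_ports() {   # $1 = saved netstat output; prints unique port numbers
    awk '$NF == "LISTEN" { n = split($1, a, "."); print a[n] }' "$1" | sort -un
}

service_name() {   # $1 = port, $2 = services file; prints the name, if any
    awk -v p="$1/tcp" '$1 !~ /^#/ && $2 == p { print $1; exit }' "$2"
}

inetd_enabled() {  # $1 = service, $2 = inetd.conf; true if an uncommented entry exists
    awk -v s="$1" '$1 == s { found = 1 } END { exit !found }' "$2"
}

trace_ports() {    # $1 = netstat output, $2 = services file, $3 = inetd.conf
    for port in $(listen_ports "$1"); do
        name=$(service_name "$port" "$2")
        if [ -z "$name" ]; then
            echo "$port - untraced"        # no services entry: needs another method
        elif inetd_enabled "$name" "$3"; then
            echo "$port $name inetd"       # can be disabled in inetd.conf
        else
            echo "$port $name not-inetd"   # named, but started outside inetd
        fi
    done
}

make_samples() {   # $1 = directory; writes constructed sample files
cat > "$1/netstat.txt" <<'EOF'
      *.22 *.* 0 0 24576 0 LISTEN
      *.515 *.* 0 0 24576 0 LISTEN
      *.3181 *.* 0 0 24576 0 LISTEN
      *.5600 *.* 0 0 24576 0 LISTEN
EOF
cat > "$1/services" <<'EOF'
ftp       21/tcp
ssh       22/tcp
printer   515/tcp   spooler
EOF
cat > "$1/inetd.conf" <<'EOF'
#ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
printer stream tcp nowait root /usr/lib/print/in.lpd in.lpd
EOF
}

d=$(mktemp -d) && make_samples "$d"
trace_ports "$d/netstat.txt" "$d/services" "$d/inetd.conf"
rm -rf "$d"
```

On a live host the three arguments would be a saved copy of the "netstat -an" output, /etc/services and /etc/inetd.conf.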


