[137] in bugtraq
Weirdness in Sunos 4.1.3ui/ a cracker in the libs?
daemon@ATHENA.MIT.EDU (Charles Howes)
Tue Nov 1 03:04:36 1994
Date: Mon, 31 Oct 1994 23:10:52 -0800 (PST)
From: Charles Howes <chowes@helix.net>
To: bugtraq@fc.net
In-Reply-To: <9410311344.AA01126@snark.imsi.com>

I was just running lsof the other day on our SunOS system. It seems that
almost every program we're running has a UDP port open. My big
concern is, what's it there for? Is it waiting for UDP packets from
someone, telling it to start dumping keystroke logs?

Or is it normal? And how would a lowly sysadmin like me be able to
tell the difference? (Apart from Tripwire on the affected programs.)

An abbreviated list from lsof:

] in.telnet 880 root 0u inet TCP sunhost:telnet->termserv:7045
] in.telnet 880 root 1u inet TCP sunhost:telnet->termserv:7045
] in.telnet 880 root 2u inet TCP sunhost:telnet->termserv:7045
] in.telnet 880 root 4u inet UDP *:632
] in.telnet 1034 root 0u inet TCP sunhost:telnet->termserv:6049
] in.telnet 1034 root 1u inet TCP sunhost:telnet->termserv:6049
] in.telnet 1034 root 2u inet TCP sunhost:telnet->termserv:6049
] in.telnet 1034 root 4u inet UDP *:786
] pine 5550 usera 4u inet UDP *:1705
] sendmail. 5660 userb 5u inet TCP sunhost:smtp->anotherhost:4386
] sendmail. 5660 userb 6u inet UDP *:709
] sendmail. 5660 userb 7u inet TCP sunhost:smtp->anotherhost:4386
] lsof 5678 root 8u inet UDP *:766
--
Charles Howes -- chowes@helix.net
Always tell the truth, then you make it the other bloke's problem!
- Sean Connery, 1971
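
One way to inventory the sockets asked about in the message above, as an added example that is not part of the original post: it parses lsof lines in the column layout of the quoted listing, collects UDP sockets bound to `*:port` per process, and compares two snapshots. The function names and the snapshot-comparison approach are assumptions of this example; it does not decide whether a socket is benign.

```python
import re

# Lines copied from the lsof listing in the message above ("] " prefix kept).
SAMPLE = """\
] in.telnet 880 root 0u inet TCP sunhost:telnet->termserv:7045
] in.telnet 880 root 4u inet UDP *:632
] pine 5550 usera 4u inet UDP *:1705
] sendmail. 5660 userb 5u inet TCP sunhost:smtp->anotherhost:4386
] sendmail. 5660 userb 6u inet UDP *:709
] lsof 5678 root 8u inet UDP *:766
"""

# Assumed column layout, as in that listing: COMMAND PID USER FD TYPE PROTO NAME
LINE = re.compile(
    r"^(?:\]\s*)?(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+"
    r"(?P<fd>\S+)\s+inet\s+(?P<proto>TCP|UDP)\s+(?P<name>\S+)$"
)

def wildcard_udp(text):
    """Return {(cmd, pid, user): [ports]} for UDP sockets bound to '*:port'."""
    found = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["proto"] != "UDP":
            continue
        host, _, port = m["name"].rpartition(":")
        if host == "*" and port.isdigit():
            key = (m["cmd"], int(m["pid"]), m["user"])
            found.setdefault(key, []).append(int(port))
    return {k: sorted(v) for k, v in found.items()}

def new_holders(baseline_text, current_text):
    """(cmd, user) pairs holding a wildcard UDP socket now but not in the baseline."""
    seen = {(c, u) for (c, _, u) in wildcard_udp(baseline_text)}
    return sorted({(c, u) for (c, _, u) in wildcard_udp(current_text)} - seen)

def report(text):
    """One line per socket; ports below 1024 are marked as reserved."""
    rows = []
    for (cmd, pid, user), ports in sorted(wildcard_udp(text).items()):
        for p in ports:
            rows.append(f"{cmd} pid={pid} user={user} udp/{p}"
                        f"{' reserved' if p < 1024 else ''}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Feeding `new_holders` a saved listing from a known-good state and a fresh one shows which commands have started holding a wildcard UDP socket since the baseline was taken.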