Re: security risk of having a long list of services in inetd



2008/8/30 Thomas Weinbrenner <thomas@xxxxxxxxxxxxxxxxxxxxx>:
Paul Dufresne <dufresnep@xxxxxxxxx> wrote:
From: Paul Dufresne <dufresnep@xxxxxxxxx>
Looking at /etc/services, I found that Debian seems to like to have a
very big file with all known services rather than just add the
services needed. I don't even know if other distributions just
add the needed services.

That file is just a mapping of service names and ports, it has no relation
to services that are actually running.

Yes, I know. But as I see it, each mapping is like a *possible* door
to the Internet.

No, each *port* is like a possible door to the internet. /etc/services
is just a way to give ports names, regardless of whether those ports are
used or not.
Well, it is more than just a name. man inetd says:
"inetd should be run at boot time by /etc/rc (see rc(8)). It then listens
for connections on certain internet sockets. When a connection is found
on one of its sockets, it decides what service the socket corresponds to,
and invokes a program to service the request. After the program is
finished, it continues to listen on the socket (except in some cases which
will be described below). Essentially, inetd allows running one daemon
to invoke several others, reducing load on the system."

When there is so much, it becomes too hard to look at each door to see
if there is a program behind it, and if it does what it should.

"netstat -plunt" will show you exactly which programs are listening on
which port.
Thanks, I tend to use 'lsof -i4' but I believe your command is better for that.
If I was to exploit a security vulnerability (never did, nor want to)
and become root on your computer, I would prefer to abuse one of the
services in /etc/services rather than have a program sitting there to
listen to the Internet. That way, you would have to do the 'netstat
-plunt' command, while I am sending commands to your computer, to
discover me.
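The distinction made in this thread (an /etc/services entry is only a name-to-port mapping; an inetd.conf entry is what actually causes inetd to listen) can be checked mechanically. The shell function below is an added example, not code from the thread: it reads the uncommented entries of an inetd.conf, resolves each service name to its port through /etc/services, and prints what inetd would really open. The function name and the sample files it is run on are constructed for this illustration; on a live host you would point it at the real /etc/inetd.conf and /etc/services and compare the result with "netstat -plunt".

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Usage: inetd_enabled_ports INETD_CONF SERVICES_FILE
# Prints "name proto port" for every enabled (uncommented) inetd.conf entry.
inetd_enabled_ports() {
    conf=$1
    svc=$2
    # inetd.conf fields: service socket_type proto wait user program [args]
    grep -v '^[[:space:]]*#' "$conf" | awk 'NF >= 6 { print $1, $3 }' |
    while read -r name proto; do
        # Entries may be written as "127.0.0.1:finger"; keep only the name.
        name=${name##*:}
        # Protocol may be tcp4/tcp6/udp4/...; reduce it for the lookup.
        case $proto in tcp*) proto=tcp ;; udp*) proto=udp ;; esac
        # /etc/services line format: name port/proto [aliases] [# comment]
        port=$(awk -v n="$name" -v p="$proto" '
            $1 !~ /^#/ && $1 == n && $2 ~ "/" p "$" {
                split($2, a, "/"); print a[1]; exit
            }' "$svc")
        printf '%s %s %s\n' "$name" "$proto" "${port:-unknown}"
    done
}

# Constructed sample files (excerpts in the real formats) for a demo run.
make_samples() {
    dir=$1
    cat > "$dir/services" <<'EOF'
# constructed /etc/services excerpt
ftp      21/tcp
ssh      22/tcp
telnet   23/tcp
daytime  13/tcp
daytime  13/udp
tftp     69/udp
finger   79/tcp
EOF
    cat > "$dir/inetd.conf" <<'EOF'
# constructed inetd.conf excerpt: only three of the named services are enabled
daytime   stream tcp nowait root   internal
#telnet   stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.telnetd
ftp       stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.ftpd
tftp      dgram  udp wait   root   /usr/sbin/tcpd /usr/sbin/in.tftpd /srv/tftp
#finger   stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/in.fingerd
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
inetd_enabled_ports "$demo_dir/inetd.conf" "$demo_dir/services"
```

Seven services are named in the sample /etc/services, but only daytime/13, ftp/21 and tftp/69 would actually be opened by inetd; the rest are names with nothing behind them.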

