Re: security risk of having a long list of services in inetd
- From: Tim Edwards <timothy.edwards.ext@xxxxxxxxxxx>
- Date: Mon, 01 Sep 2008 10:31:26 +0200
Paul Dufresne wrote:
2008/8/30 Thomas Weinbrenner <thomas@xxxxxxxxxxxxxxxxxxxxx>:
Well, it is more than just a name. man inetd says:
"inetd should be run at boot time by /etc/rc (see rc(8)). It then listens
for connections on certain internet sockets. When a connection is found
on one of its sockets, it decides what service the socket corresponds to,
and invokes a program to service the request. After the program is finished,
it continues to listen on the socket (except in some cases which
will be described below). Essentially, inetd allows running one daemon
to invoke several others, reducing load on the system."
The man page also says:
"Upon execution, inetd reads its configuration information from a
configuration file which, by default, is /etc/inetd.conf" :)
As pointed out by martin, /etc/services is just an information file, used
by all sorts of programs (netstat, tcpdump etc.) so that they know that,
e.g., the string 'ssh' means TCP port 22.
/etc/inetd.conf is the file you should be looking at as this is inetd's
config file, and controls which ports it will listen on. The default in
Debian, and most other distros, nowadays is for it not to listen on any
ports - you have to configure what services you want.
When there is so much, it becomes too hard to look at each door to see
if there is a program behind, and if it does what it should.
"netstat -plunt" will show you exactly which programs are listening on
which port.
Thanks, I tend to use 'lsof -i4' but I believe your command is better for that.
If I was to exploit a security vulnerability (never did, nor want to)
and become root on your computer, I would prefer to abuse one of the
services in /etc/services rather than have a program sitting there to
listen to the Internet. That way, you would have to do the 'netstat
-plunt' command, while I am sending commands to your computer, to
discover me.
But if there's no program sitting there listening on the port there's
nothing to connect to and nothing to abuse. You'll simply get a 'port
unreachable' (or something similar) ICMP message back from the kernel.
Unless the kernel itself has a security hole of course, which is why
running apt-get upgrade regularly is a good idea :)
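The distinction Tim draws above can be checked mechanically: /etc/services only maps names to ports, while the uncommented lines of /etc/inetd.conf decide what inetd actually listens on. The script below is an added example, not code from the thread; it parses constructed sample copies of both files (embedded inline, so it runs offline) and reports the ports inetd would really open, which is the list worth comparing against "netstat -plunt".

```python
# Constructed sample of /etc/services: a name -> port/proto lookup table only.
SERVICES = """\
# Network services, Internet style
ssh             22/tcp
telnet          23/tcp
finger          79/tcp
daytime         13/tcp
daytime         13/udp
ident           113/tcp     auth
"""

# Constructed sample of /etc/inetd.conf; lines starting with '#' are disabled.
INETD_CONF = """\
#:INTERNAL: Internal services
#daytime        stream  tcp     nowait  root    internal
#:STANDARD: These are standard services.
telnet          stream  tcp     nowait  telnetd /usr/sbin/tcpd  /usr/sbin/in.telnetd
#finger         stream  tcp     nowait  nobody  /usr/sbin/tcpd  /usr/sbin/in.fingerd
#:OTHER:
ident           stream  tcp     wait    identd  /usr/sbin/identd identd
"""

def parse_services(text):
    """Map (name, proto) -> port from /etc/services-style lines, aliases included."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        port, proto = fields[1].split("/")
        for name in [fields[0]] + fields[2:]:   # first field plus any aliases
            table[(name, proto)] = int(port)
    return table

def inetd_listeners(conf_text, services):
    """Return sorted (port, proto, name, program) for the active inetd.conf entries."""
    result = []
    for line in conf_text.splitlines():
        fields = line.split()
        # Commented-out or malformed entries never make inetd bind a socket.
        if not fields or fields[0].startswith("#") or len(fields) < 6:
            continue
        name, proto, program = fields[0], fields[2].rstrip("46"), fields[5]
        port = services.get((name, proto), int(name) if name.isdigit() else None)
        result.append((port, proto, name, program))
    return sorted(result, key=lambda r: (r[0] or 0, r[1]))

if __name__ == "__main__":
    for port, proto, name, prog in inetd_listeners(INETD_CONF, parse_services(SERVICES)):
        print(f"{proto}/{port:<5} {name:<8} {prog}")
```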