Hello Robert On 5/13/2007, "Robert Woodcock" <[EMAIL PROTECTED]> wrote:
>On Sun, May 13, 2007 at 11:17:20PM +0200, Tomas Pospisek wrote: >> Package: mtr >> Version: 0.71-2 >> Severity: normal >> >> When mtr is paused, "netstat -a -p" tells me: >> >> Proto/Recv-Q/Send-Q/Local Address/Foreign Address/State/PID/Program name >> udp 0 0 *:33370 *:* 12415/mtr >> raw 0 0 *:icmp *:* 7 12415/mtr >> raw 0 0 *:255 *:* 7 12415/mtr >> >> This does not feel good. >> >> Allthough mtr is "suspended", a potential "attacker" can find out that >> mtr is up on the host. This has security implications. > >Under what circumstances would they be able to check this using this >method and also not be able to check this using, say, 'ps'? Please >elaborate on the security implications you are referring to. By portscanning the host. >> Btw - has #156378 "mtr busy-waits when paused" been closed? It >>seems to be >> open (reportbug shows it, but bugs.debian.org/156378 >> doesn't). I meant to write that *bugs.debian.org/mtr* doesn't show it. *t
