Re: What services are using these ports?

[Tom Cook]

On  0, Marc Shapiro <[EMAIL PROTECTED]> wrote:
[snip]
>       Port    Service                 Comments
>          9    discard                 What is this?

See http://www.sockets.com/rfc863.txt - your machine allows
connections on this port and throws any data sent to it to /dev/null.

>         13    daytime                 What is this?

Try 'telnet localhost 13'.  It tells you the day and the time and
closes the connection.  Probably not exploitable...

>         21    ftp                     OK

Not really OK.  I'd disable this and use scp instead.  FTP puts your
passwords on the network in plaintext.

>         22    unassigned              Is this talkd?

This is ssh.  Leave it there, it is a Good Thing.

>         23    telnet                  OK

Not really OK.  It puts your passwords on the network in plaintext.
I'd disable it and use ssh (which also provides scp).

>         25    smtp                    I dont have smtpd running and do
>                                       not plan to set up a mail server.
>                                       Is this exim listening here?

Probably exim.  Someone else suggested a way to make exim only listen
on the local interface.  I would add that it is worth not uninstalling
exim, since some user agents (such as mutt) need it to transport
out-going mail.

>         37    time                    This should stay?

Try 'telnet localhost 37'.  This spits the current date and time, as
the numbers of seconds since 00:00 01/01/1900 GMT, as a 32-bit
number.  Probably not exploitable.

>         79    finger                  This is gone, already.
>        111    sun RPC                 portmapper?  Do I need this?

Only if you're using NFS or NIS.

>        113    authentication          What is this?

See http://www.faqs.org/rfcs/rfc912.html.  Try this:

$ telnet localhost
Username: <yourusername>
Password: <yourpassword>

$ netstat -a | grep localhost | grep ESTABLISHED
<pick out the one that's your telnet connection you just established,
and note the port numbers>
$ telnet localhost 113
3925,6000                              <- You type this
3925 , 6000 : USERID : UNIX :tkcook    <- Server response
^]
telnet> quit
$

You may have legitimate security concerns about this;  it will tell
you which user owns a connection without itself authenticating.

Google is your friend!  I found all the info above with a google
search for, eg, 'authentication port 113' (although I had to go to the
second page of hits for that one).  All of these protocols are defined
in RFCs.

Tom
-- 
Tom Cook
Information Technology Services, The University of Adelaide

Do not meddle in the affairs of dragons, for you are crunchy, and taste good with 
ketchup.

Get my GPG public key: 
https://pinky.its.adelaide.edu.au/~tkcook/tom.cook-at-adelaide.edu.au

msg07299/pgp00000.pgp
Description: PGP signature