On Thu, 23 Sep 1999, Lev Lvovsky wrote:

> upon running portscan on my computer from a nonlocal host, I get the
> following:
>
> 9 -> discard
> 13 -> daytime
> 21 -> ftp
> 22 -> ssh
> 23 -> telnet
> 25 -> smtp
> 37 -> time
> 79 -> finger
> 80 -> www
> 110 -> pop-3
> 111 -> sunrpc
> 113 -> auth
>
> as I use pretty much all of the "standard" daemons, I don't know what
> 'discard', 'daytime', 'time', 'sunrpc', and 'auth' are....if anyone can
> suggest ways for turning these off, I'd appreciate it (inetd.conf doesn't
> have anything that I've not checked as far as I know). I especially
> need help with sunrpc, as it's nowhere to be found in rc*...

discard does just what it says, it discards all packets you send to it. Sometimes useful for debugging, but a potential security risk (there are Denial of Service attacks that use it), so disabling it is recommended (it is in /etc/inetd.conf).

daytime and time are services that provide a simple time service (try telnet localhost time or telnet localhost daytime). Time gives the time in binary form. On a public network, they may be a security risk (very small one, knowledge of the system time gives a cracker a small advantage in its attempts to crack encryption protocols), so if you don't need them, you can disable them.

Sunrpc is the port the portmapper process listens to. Portmapper is a daemon used for rpc based communication, like NFS. If you want to use NFS or other rpc based protocols, you need portmapper. Try the command rpcinfo -p to see a list of registered rpc programs on your system and the ports they use.

auth stands for the ident service, which is a service that can be used by remote systems to ask root of the local system (who runs the identd) which user is using a given network connection from your system (for authentication, often used by mailservers). Its effect on security is a bit controversial, but I believe it's useful enough to leave it enabled.

All these services are started by inetd, thus they can be disabled or enabled in /etc/inetd.conf.

> also, can someone give me a straight answer on how to restart initd? I've
> heard 'kill -HUP inetd', but it gives me an error of not being able to
> find it...I just kill it by pid, and restart it manually (type 'inetd').

kill needs a process ID (a number) to work with. You could use pstree -p or ps aux to find the process ID. But because there usually only is one inetd running at the same time, you could use the command killall. Killall kills all processes having the given name, so with killall -HUP inetd 'all' inetd processes are restarted.
You could also use the reload command for /etc/init.d/netbase (or /etc/init.d/inetd if you are running potato) to reload inetd.

See you,
Bart-Jan
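
The following shell script is an added example, not part of the original messages: it lists which of the services discussed above (discard, daytime, time) are still enabled in an inetd.conf-style file and prints a copy with those entries commented out. The RISKY list, the function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find and comment out the
# inetd-launched services this reply suggests disabling.
RISKY="discard daytime time"   # assumption: the set to disable; edit as needed

# Constructed sample in inetd.conf layout:
# service  socket-type  protocol  wait-flag  user  server-program [args]
sample_conf() {
cat <<'EOF'
# constructed sample, not a real system's file
discard stream tcp nowait root internal
discard dgram udp wait root internal
daytime stream tcp nowait root internal
#time dgram udp wait root internal
time stream tcp nowait root internal
ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
ident stream tcp wait identd /usr/sbin/identd identd
EOF
}

# Print "service/protocol" for every enabled (uncommented) entry in $RISKY.
# Pass "-" to read the config from stdin.
list_enabled() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # skip comments, blanks, short lines
        ($1 in want) { print $1 "/" $3 }
    ' "$1"
}

# Print the config with those entries commented out; other lines unchanged.
disable_risky() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in want) { print "#" $0; next }
        { print }
    ' "$1"
}

# Stand-alone run: audit the file given as $1, else the constructed sample.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    list_enabled "$1"
else
    sample_conf | list_enabled -
fi
```

Review the output of disable_risky before installing it as /etc/inetd.conf, then reload inetd with one of the methods described above so the change takes effect.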