[Security] Nearly had heart attack ! :-O

Vincent Trouilliez vincent.trouilliez at modulonet.fr
Thu Mar 15 18:13:12 GMT 2007


"Conrad Knauer" <atheoi at gmail.com> wrote:
> Could you post the results of the "sudo netstat -antup | grep ':\*'"
> command so that we can see what it might be.

Here it is. I hope the formatting survives and that it doesn't look
garbled when you receive it...

tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN     4113/hpiod          
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN     -                   
tcp        0      0 0.0.0.0:36579           0.0.0.0:*               LISTEN     4371/rpc.statd      
tcp        0      0 0.0.0.0:902             0.0.0.0:*               LISTEN     4420/xinetd         
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN     4326/smbd           
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     3471/portmap        
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     30686/cupsd         
tcp        0      0 127.0.0.1:51865         0.0.0.0:*               LISTEN     4121/python         
tcp        0      0 0.0.0.0:668             0.0.0.0:*               LISTEN     4305/rpc.mountd     
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN     4326/smbd           
tcp        0      0 0.0.0.0:32799           0.0.0.0:*               LISTEN     -                   
udp        0      0 0.0.0.0:32768           0.0.0.0:*                          -                   
udp        0      0 0.0.0.0:2049            0.0.0.0:*                          -                   
udp        0      0 0.0.0.0:32770           0.0.0.0:*                          4371/rpc.statd      
udp        0      0 85.69.101.76:137        0.0.0.0:*                          4324/nmbd           
udp        0      0 172.16.95.1:137         0.0.0.0:*                          4324/nmbd           
udp        0      0 0.0.0.0:137             0.0.0.0:*                          4324/nmbd           
udp        0      0 85.69.101.76:138        0.0.0.0:*                          4324/nmbd           
udp        0      0 172.16.95.1:138         0.0.0.0:*                          4324/nmbd           
udp        0      0 0.0.0.0:138             0.0.0.0:*                          4324/nmbd           
udp        0      0 0.0.0.0:665             0.0.0.0:*                          4305/rpc.mountd     
udp        0      0 0.0.0.0:68              0.0.0.0:*                          4780/dhclient3      
udp        0      0 0.0.0.0:731             0.0.0.0:*                          4371/rpc.statd      
udp        0      0 0.0.0.0:111             0.0.0.0:*                          3471/portmap        
udp        0      0 127.0.0.1:123           0.0.0.0:*                          4392/ntpd           
udp        0      0 0.0.0.0:123             0.0.0.0:*                          4392/ntpd           
udp6       0      0 :::123                  :::*                               4392/ntpd    

Port 668 doesn't say MeComm here, but rather: "4305/rpc.mountd".
Maybe "rpc" stands for "Remote Protocol something" ? Maybe it is used
by the remote desktop functionality then, precisely what caused my heart attack ! ;-)


> Conrad Knauer wrote:
> If you add a "| grep -v 127.0.0.1" to the end of the above command it
> will remove all the sockets that are listening only on localhost (i.e.
> internal to the box and not seen by the outside world)

Ah, so if we do it manually from the output I pasted above, that means we can
remove 4 of them from the list... that's still a lot of stuff remaining, no ?
Maybe that's because in the past I played with the remote desktop, and also,
I played with sharing files with SMB and NFS (never quite worked though !), 
and also I have set up VMware server, and configured one NIC for it so I can have
internet access from the guest machines...

--
Vince
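
An added example (not part of the original post): the filtering discussed above, done by parsing the Local Address column instead of grepping for 127.0.0.1, so that IPv6 loopback sockets are excluded as well. The function names are hypothetical; the sample lines are copied from the output above, except the tcp6 ::1 line, which is constructed.

```sh
#!/bin/sh
# Added example: list sockets from "netstat -antup" output that are bound to
# something other than loopback, by parsing the Local Address column.

# Sample input: seven lines copied from the output posted above, plus one
# constructed IPv6 loopback line (the tcp6 ::1 entry) that is not from the post.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 127.0.0.1:2208          0.0.0.0:*               LISTEN     4113/hpiod
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN     -
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     30686/cupsd
tcp        0      0 0.0.0.0:668             0.0.0.0:*               LISTEN     4305/rpc.mountd
tcp6       0      0 ::1:631                 :::*                    LISTEN     30686/cupsd
udp        0      0 172.16.95.1:137         0.0.0.0:*                          4324/nmbd
udp        0      0 127.0.0.1:123           0.0.0.0:*                          4392/ntpd
udp6       0      0 :::123                  :::*                               4392/ntpd
EOF
}

# Reads netstat lines on stdin; prints "proto port bind-scope pid/program"
# for every socket waiting on any peer (Foreign Address ends in ":*") whose
# local address is not loopback.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ && $5 ~ /:\*$/ {
        n = split($4, parts, ":")          # port is the text after the last colon
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1") next   # bound to loopback only
        scope = (addr == "0.0.0.0" || addr == "::") ? "all-interfaces" : addr
        print $1, port, scope, $NF         # last field is PID/Program, or "-" when none is shown
    }'
}

sample_netstat | exposed_listeners
```

On a live system the same function can be fed directly: `sudo netstat -antup | exposed_listeners`.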


