2002-Oct-21

Saw some connections listening on an old Linux box. lsof binary was built against wrong kernel and didn't work. Also --program switch for netstat just showed "-" (dash) for PID/Program name. But "fuser -v -n tcp 3103" worked to show process listening to port 3103. (This was inetd which forked Exim. But not in current inetd.conf which had newer time stamp than inetd process start date.)

Some others too, like:

1025/udp             root        154 f....  named

The logs say:

Oct  8 22:03:35 www named[153]: Forwarding source address is [0.0.0.0].1025

So this is the UDP port used when sending out recursive queries. (See "query-source" in named.conf configs.)
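
When lsof and netstat's program column are both unusable, the port-to-process lookup that fuser did above can be reproduced from /proc alone. The following is an added example, not part of the original notes: it assumes a Linux /proc where socket descriptors read as "socket:[inode]", and the sample table and function names are constructed for illustration.

```python
import os
import re

# Constructed sample in /proc/net/tcp format (not taken from the box in these notes).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0C1F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4242 1 c0de 300 0 0 2 -1
   1: 0100007F:0019 0100007F:8001 01 00000000:00000000 00:00000000 00000000     0        0 4300 1 c0df 300 0 0 2 -1
"""
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

def listening_sockets(table_text):
    """Return {inode: (ip, port)} for every LISTEN row of a /proc/net/tcp table."""
    result = {}
    for line in table_text.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:
            continue
        addr_hex, port_hex = f[1].split(":")
        # The IPv4 address is printed byte-reversed on little-endian hosts.
        ip = ".".join(str(b) for b in reversed(bytes.fromhex(addr_hex)))
        result[int(f[9])] = (ip, int(port_hex, 16))
    return result

def socket_owners(proc_root="/proc"):
    """Return {inode: [pid, ...]} by reading the fd symlinks of every process."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                           # process exited, or we are not root
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), []).append(int(pid))
    return owners

def who_listens(port, table_text, proc_root="/proc"):
    """PIDs holding a listening TCP socket on the given port."""
    owners = socket_owners(proc_root)
    listeners = listening_sockets(table_text)
    return sorted({pid for inode, (_, p) in listeners.items() if p == port
                   for pid in owners.get(inode, [])})

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        print(who_listens(3103, fh.read()))
```

Run it as root, otherwise the fd directories of other users' processes cannot be read and their sockets show no owner.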

I wonder why 677/udp and 679/tcp for rpc.statd aren't listed in /etc/services.

Made binary update for SA2002-026: remote buffer overflow in Heimdal Kerberos kadmind, resulting in root exploit.