We have a web service using RH Linux 7.1.
What is the port 7070 for?
Here are the results from netstat.
tcp 438 0 63.242.174.98:7070 211.178.78.241:1811 CLOSE_WAIT -
tcp 437 0 63.242.174.98:7070 211.203.216.5:1036 CLOSE_WAIT -
tcp 438 0 63.242.174.98:7070 211.178.78.241:1808 CLOSE_WAIT -
Any comments will be welcomed!
Thanks!
Chan
> We have a web service using RH Linux 7.1.
> What is the port 7070 for?
> Here are the results from netstat.
I don't know what 7070 is used for, but here is one way you can find
out. As root, run the following command: `lsof -i TCP:7070`
That should tell you what program is bound to TCP port 7070.
As an example, if I do `lsof -i TCP:25`, on my system, the output
shows me that sendmail is bound to that port.
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sendmail 138 root 4u IPv4 151 TCP *:smtp (LISTEN)
Later,
Ashok
P.S. If you do not have lsof installed, you can download it from:
ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
--
Ashok Aiyar a-a...@northwestern.edu
Department of Microbiology-Immunology office: (312) 503-2524
303 E. Chicago Avenue, WARD 4-123 lab: (312) 503-2542
Northwestern University, Chicago, IL 60611 fax: (312) 503-1339
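The same port-to-process lookup done by hand from /proc, as an added example that is not part of the original thread: it parses /proc/net/tcp for sockets on a given port and then finds the owning process by matching socket inodes against /proc/<pid>/fd. It assumes a little-endian Linux host whose kernel exposes /proc/<pid>/comm; the sample rows, addresses and inode numbers are constructed.

```python
import os

# State codes as printed in /proc/net/tcp (subset; others are shown as raw hex)
TCP_STATES = {"01": "ESTABLISHED", "08": "CLOSE_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (documentation addresses, made-up inodes)
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1B9E 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   1: 0A0200C0:1B9E 076433C6:0713 08 00000000:000001B6 00:00000000 00000000     0        0 12346 1
   2: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 151 1
"""

def parse_proc_net_tcp(text):
    """Yield (local_ip, local_port, state, inode) for each IPv4 TCP socket row."""
    for line in text.splitlines()[1:]:            # skip the column header
        f = line.split()
        if len(f) < 10:
            continue
        ip_hex, port_hex = f[1].split(":")
        # The address is printed in host byte order; this assumes little-endian (x86)
        ip = ".".join(str(b) for b in reversed(bytes.fromhex(ip_hex)))
        yield ip, int(port_hex, 16), TCP_STATES.get(f[3], f[3]), f[9]

def sockets_on_port(text, port):
    return [row for row in parse_proc_net_tcp(text) if row[1] == port]

def owners_of_inodes(inodes, proc="/proc"):
    """Map socket inode -> (pid, command) by scanning /proc/<pid>/fd symlinks."""
    targets = {"socket:[%s]" % i for i in inodes}
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                link = os.readlink(os.path.join(fd_dir, fd))
                if link in targets:
                    with open(os.path.join(proc, pid, "comm")) as fh:
                        found[link[8:-1]] = (int(pid), fh.read().strip())
        except OSError:
            continue    # process exited, or not root and fd directory unreadable
    return found

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        rows = sockets_on_port(fh.read(), 7070)
    owners = owners_of_inodes([r[3] for r in rows])
    for ip, port, state, inode in rows:
        print(ip, port, state, owners.get(inode, ("?", "not visible; run as root")))
```

A socket on the port whose inode maps to no visible process when run as root is worth a closer look, since every ordinary listener is held open by some file descriptor.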
$ cat /etc/services | grep 7070
arcp 7070/tcp # ARCP
arcp 7070/udp # ARCP
these are the standard bindings.
google-search -> http://www.halcyon.com/amreg/
Amateur Radio Control Program
so this could be the arcp daemon (don't know it) or some (violent) daemon.
i've connected and there's no welcome message or help system included. i
assume that a well written daemon would print some error messages or
disconnect.
cya, pp
Lots of folks install Linux and simply install everything. So all kinds
of daemons might be running and no one is paying attention to them.
Each one of them could be a potential exploit. Completely avoidable:
run _only_ the services you need!
i'm sorry, i don't understand the meaning, but i assume that it's not
polite. if i'm wrong, please correct me.
btw: go to news://news.newsusers.questions and ask them for "realname"
cya, pp
Actually, '73' is amateur radio (ham) shorthand for 'best regards'
tcp port 7070 is associated with real audio
I don't see a problem in installing all the daemons, but I
do see a problem in too many being started by default.
When I installed RH6.0 for the first time I did enable and
disable a few services, but many I didn't know anything
about and just left them at the default value.
You can expect many people to leave the defaults, and for
that reason the install program's defaults for many of the
daemons should be reconsidered.
--
Kasper Dupont
we're here in col.security, so here's my opinion. you should keep your system
as small as possible, because when you get hacked, all installed software
(includes daemons) can be used for further attacks. think of sniffers and
other ip utilities. that's a good reason _not_ to install unused software.
cya, pp
--
100% sig.
> we're here in col.security, so here's my opinion. you should keep your
> system as small as possible, because when you get hacked, all installed
> software (includes daemons) can be used for further attacks. think of
> sniffers and other ip utilities. that's a good reason _not_ to install
> unused software.
If they get root, they can just upload what they need anyway. If someone
wants a copy of debian / redhat / suse etc, they can just as well go to
ftp.<distro>.org and get one - probably from a faster link.
You need to worry more about what's running (i.e what will let them get
root in the first place) than what's on the box.
--
Michael.
> If they get root, they can just upload what they need anyway. If someone
> wants a copy of debian / redhat / suse etc, they can just as well go to
> ftp.<distro>.org and get one - probably from a faster link.
>
> You need to worry more about what's running (i.e what will let them get
> root in the first place) than what's on the box.
that's right. but if they got a normal user account and a firewall or r/o
file system or an ids like tripwire prevents one from installing additional
software, it is a good idea to keep the system small. this is also a good
idea, because you see what's going up; with thousands of unused programs,
you won't recognize a backdoor.
cya, pp