Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

What is the port 7070 for?

5,275 views
Skip to first unread message

PSI, Chan Yoon

unread,
Nov 15, 2001, 10:58:23 AM11/15/01
to
Hi there,

We are having web service using RH Linux 7.1.
What is the port 7070 for?
Here are result from netstat.

tcp 438 0 63.242.174.98:7070 211.178.78.241:1811
CLOSE_WAIT -
tcp 437 0 63.242.174.98:7070 211.203.216.5:1036
CLOSE_WAIT -
tcp 438 0 63.242.174.98:7070 211.178.78.241:1808
CLOSE_WAIT -

Any comments will be welcomed!

Thanks!

Chan

Ashok Aiyar

unread,
Nov 15, 2001, 11:24:53 AM11/15/01
to
On Thu, 15 Nov 2001 10:58:23 -0500,
PSI, Chan Yoon (cy...@mitre.org) wrote:

> We are having web service using RH Linux 7.1.
> What is the port 7070 for?
> Here are result from netstat.

I don't know what 7070 is used for, but here is one way you can find
out. As root, run the following command: `lsof -i TCP:7070`

That should tell you what program is bound to TCP port 7070.

As an example, if I do `lsof -i TCP:25`, on my system, the output
shows me that sendmail is bound to that port.
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sendmail 138 root 4u IPv4 151 TCP *:smtp (LISTEN)

Later,
Ashok

P.S. If you do not have lsof installed, you can download it from:
ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
--
Ashok Aiyar a-a...@northwestern.edu
Department of Microbiology-Immunology office: (312) 503-2524
303 E. Chicago Avenue, WARD 4-123 lab: (312) 503-2542
Northwestern University, Chicago, IL 60611 fax: (312) 503-1339

Petra Poppe

unread,
Nov 15, 2001, 12:40:41 PM11/15/01
to
> What is the port 7070 for?

$ cat /etc/services | grep 7070
arcp 7070/tcp # ARCP
arcp 7070/udp # ARCP

this are the standard bindings.

google-search -> http://www.halcyon.com/amreg/

Amateru Radio Control Program

so this could be the arcp daemon (don't know it) or some (violent) daemon.
i've connected and there's no welcome message or help system included. i
assume that a well written daemon would print some error messages or
disconnect.


cya, pp


Sundial Services

unread,
Nov 15, 2001, 1:27:07 PM11/15/01
to
If you're a ham, then "73's!" But if you're not, it smells like
trouble.

Lots of folks install Linux and simply install everything. So all kinds
of daemons might be running and no one is paying attention to them.
Each one of them could be a potential exploit. Completely avoidable:
run _only the services you need!

Petra Poppe

unread,
Nov 15, 2001, 3:17:32 PM11/15/01
to
> If you're a ham, then "73's!" But if you're not, it smells like
> trouble.

i'm sorry, i don't understand the meaning, but i assume that it's none
polite. if i'm wrong, please correct me.
btw: go to news://news.newsusers.questions an ask them for "realname"


cya, pp


Pat Crean

unread,
Nov 15, 2001, 4:08:15 PM11/15/01
to
Petra Poppe wrote:

Actually, '73' is amateur radio (ham) shorthand for 'best regards'

tcp port 7070 is associated with real audio

Sundial Services

unread,
Nov 15, 2001, 4:16:32 PM11/15/01
to
CQ CQ INTERNET 73 DE K7DEI HI HI

Kasper Dupont

unread,
Nov 15, 2001, 6:24:26 PM11/15/01
to
Sundial Services wrote:
>
> Lots of folks install Linux and simply install everything. So all kinds
> of daemons might be running and no one is paying attention to them.
> Each one of them could be a potential exploit. Completely avoidable:
> run _only the services you need!

I don't see a problem in installing all the daemons, but I
do see a problem in too many being started by default.
When I installed RH6.0 for the first time I did enable and
disable a few services, but many I didn't know anything
about and just left them at the default value.

You can expect many people to leave the defaults, and for
that reason the install programs defaults for many of the
daemons should be reconsidered.

--
Kasper Dupont

Petra Poppe

unread,
Nov 16, 2001, 11:13:06 AM11/16/01
to
> I don't see a problem in installing all the daemons, but I
> do see a problem in too many being started by default.
> When I installed RH6.0 for the first time I did enable and
> disable a few services, but many I didn't know anything
> about and just left them at the default value.

we're here in col.security, so here's my opinion. you shoul keep your system
as small as possible, because when you got hacked, all installed software
(includes daemons) can be used for further attacks. think of sniffers and
other ip utilities. that's a good reason _not_ to install unused software.

cya, pp

--
100% sig.


Michael

unread,
Nov 16, 2001, 11:51:40 AM11/16/01
to
In <9t3dko$4k47$1...@ID-61421.news.dfncis.de>, Petra Poppe wrote:

> we're here in col.security, so here's my opinion. you shoul keep your
> system as small as possible, because when you got hacked, all installed
> software (includes daemons) can be used for further attacks. think of
> sniffers and other ip utilities. that's a good reason _not_ to install
> unused software.

If they get root, they can just upload what they need anyway. If someone
wants a copy of debian / redhat / suse etc, they can just as well go to
ftp.<distro>.org and get one - probably from a faster link.

You need to worry more about what's running (i.e what will let them get
root in the first place) than what's on the box.

--
Michael.

Petra Poppe

unread,
Nov 16, 2001, 9:53:11 PM11/16/01
to
[keep your system clean]

> If they get root, they can just upload what they need anyway. If someone
> wants a copy of debian / redhat / suse etc, they can just as well go to
> ftp.<distro>.org and get one - probably from a faster link.
>
> You need to worry more about what's running (i.e what will let them get
> root in the first place) than what's on the box.

thats right. but if they got a normal user account and a firewall or r/o
file system or a ids like tripwire prevents one from installing additional
software, it is a good idea to keep the system small. this is also a good
idea, because you see what's going up; with thousands of unused programs,
you won't recognize a backdoor.


cya, pp


0 new messages