RH Taroon Beta Open Ports

rhldevel at assursys.co.uk
Mon Aug 25 12:11:12 UTC 2003


On Mon, 25 Aug 2003, Thomas Vander Stichele wrote:

> On Mon, 2003-08-25 at 13:50, rhldevel at assursys.co.uk wrote:
> > 111/tcp    open        sunrpc
> > 111/udp    open        sunrpc
> 
> both are necessary for NFS mounts to work, since these requests go
> through portmap.

Sure, but no NFS mounts were configured on install. Perhaps anaconda
should parse /etc/fstab if an upgrade install is being performed to
determine whether portmap is likely to be necessary or not.

> > 1010/udp   open        unknown
> 
> check with netstat to see what is running here, have no idea.

rpc.statd. See above.

> > 6000/tcp   open        X11
> 
> AFAIK this doesn't mean anyone can connect; there's still a lot of X
> authority stuff to get through (specifically, the X runner needs to
> authorize outside connections).

I'm thinking in terms of DoS and zombies-via-buffer-overflow of the X server
(which is running with root privs, too, of course). Any listening service is
a potential risk, even if it requires authentication before it can be used
in the "normal" way.

> I think this setup is pretty safe :) What exactly do you not trust ?

Everyone and everything, but that's a topic for another thread entirely. ;-)

> Thomas

Best Regards,
Alex.
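
The /etc/fstab check suggested in the message above for upgrade installs, sketched as an added example (it is not part of the original message and is not anaconda code). The function names, the sample fstab contents, and the assumption that only the "nfs" filesystem type implies a need for portmap and rpc.statd are all illustrative.

```python
# Added illustration: decide from fstab contents whether portmap is likely needed.
# Not anaconda code; function names and sample data are hypothetical.

NFS_TYPES = {"nfs"}  # assumption: only this fstab type implies portmap/rpc.statd


def nfs_entries(fstab_text):
    """Return (device, mountpoint) for every fstab entry whose type is NFS."""
    found = []
    for raw in fstab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (including commented-out mounts)
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed entry: no filesystem type to inspect
        device, mountpoint, fstype = fields[:3]
        # The type field may be a comma-separated list of candidate types.
        if NFS_TYPES & set(fstype.split(",")):
            found.append((device, mountpoint))
    return found


def portmap_needed(fstab_text):
    """True if at least one NFS mount is configured, so RPC services are needed."""
    return bool(nfs_entries(fstab_text))


# Constructed sample: a machine with local filesystems only. The NFS line is
# commented out, so it must not count as a configured mount.
SAMPLE_LOCAL = """\
LABEL=/      /      ext3  defaults  1 1
none         /proc  proc  defaults  0 0
# fileserver:/export/home /home nfs defaults 0 0
/dev/hda2    swap   swap  defaults  0 0
"""

# Constructed sample: the same machine with one active NFS mount.
SAMPLE_NFS = SAMPLE_LOCAL + "fileserver:/export/home /home nfs rw,hard,intr 0 0\n"

if __name__ == "__main__":
    for name, text in (("local-only", SAMPLE_LOCAL), ("with-nfs", SAMPLE_NFS)):
        state = "enable" if portmap_needed(text) else "leave disabled"
        print(f"{name}: {state} portmap; NFS entries: {nfs_entries(text)}")
```

An installer applying this on upgrade would leave portmap and rpc.statd off when the result is empty, which closes 111/tcp, 111/udp and the rpc.statd port listed in the scan.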




