topic Re: inetd services in Operating System - HP-UX

inetd services

yc_2 — Sun, 31 Oct 2004 19:56:52 GMT

Hi,

Need advice the following:

What application uses echo, time, sunrpc etc in HP-UX?

What is the difference between echo, time, exec etc services in inetd and command echo, time, exec ?

Thanks in advance,
YC

Re: inetd services

Michael Tully — Sun, 31 Oct 2004 20:47:32 GMT

The 'inetd' man page should answer most of your questions.

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=697436

'exec' means running exectuable commands from a remote system as root.
e.g.
rexec server ls
Password (server:root):
If the password is correct, the answer will be ls from the / directory of the remote system. This is of course if the 'exec' is not commented out.

Re: inetd services

Sridhar Bhaskarla — Sun, 31 Oct 2004 20:58:12 GMT

Hi,

1. There are hardly any applications that use echo, time etc.,.

2. The difference is that one set is commands and the other set is services. Services are associated with daemons. Inetd brokers the ports for these daemons. Whenever there is a connection attempted to the ports, inetd will invoke the service by spawing the corresponding daemon. For ex., 'telnet' is a service and 'telnetd' is the daemon. Inetd listens at port 23 for the service telnet. When a client connect to port 23 (like using a normal telnet command), inetd will spawn a telnetd session.

-Sri

Re: inetd services

Keith Buck — Tue, 02 Nov 2004 16:33:44 GMT

Taken from HP-UX Bastille questions at:

http://cvs.sourceforge.net/viewcvs.py/bastille-linux/dev/working_tree/Bastille/Questions/SecureInetd.txt?rev=1.1&only_with_tag=HEAD&view=markup

"The inetd's built-in services include chargen, daytime, discard,
and echo. These services are rarely used and when they are it is generally
for testing. The UDP versions of these services can be used in a Denial of
Service attack and therefore we recommend disabling these services. A brief
definition of each service is as follows:

daytime: Sends the current date and time as a human readable character string
(RFC 867)

discard: Throws away anything that is sent to it, similar to
/dev/null.(RFC 863)

chargen: Character Generator sends you a stream of some
undefined data, preferably data in some recognizable pattern (RFC 862)

echo: Simply returns the packets sent to it. (RFC 862)"

sunrpc can mean several different things; here's info on the tool-talk database server which is sunrpc based:

"The dtspcd, ttdbserver, and cmsd services are used by CDE. Each service
has relative merits but they are all rarely used and for the most part deprecated.
Definitions for each service are as follows:

dtspcd:
Desktop Subprocess Control service is used to invoke a processes on other
systems. It uses an IP based authentication that is relatively easy to beat.

cmsd:
This is used to run Sun's Calendar Manager software database over the network.
If you don't use Sun's Calendar Manager software you will not be affected by
disabling this service. Sun's Calendar Manager will not work properly with
cmsd disabled.

ttdbserver:
Sun's ToolTalk Database Server allows OpenWindows programs to intercommunicate.
Disabling this service may affect some of the advanced mail features of dtmail.
For instance, you will be unable to use the network aware mail locking feature
of dtmail. Some third party applications may use this service as well."

Hope that helps.

-Keith

Re: inetd services

yc_2 — Tue, 02 Nov 2004 21:37:19 GMT

Out of curiousity, if ports that are vulnerable, why HP did not closed or disable them?

My IT security personnel has done a scan to a newly installed HP-UX server and detected the following ports (excluding ports required for applications) are opened:

Port State Service
7/udp open echo
9/udp open discard
13/udp open daytime
19/udp open chargen
67/udp open bootps
68/udp open bootpc
69/udp open tftp
111/udp open sunrpc
135/udp open loc-srv
161/udp open snmp
177/udp open xdmcp
514/udp open syslog
518/udp open ntalk
948/udp open unknown
958/udp open unknown
1023/udp open unknown
1067/udp open instl_boots
1068/udp open instl_bootc
1434/udp open ms-sql-m
2049/udp open nfs
2121/udp open unknown
2148/udp open unknown
3068/udp open unknown
3069/udp open unknown
4045/udp open lockd
5300/udp open hacl-hb
5301/udp open hacl-gs
49158/udp open unknown
49159/udp open unknown
49160/udp open unknown
49161/udp open unknown
49162/udp open unknown
49164/udp open unknown
49165/udp open unknown
49177/udp open unknown
49194/udp open unknown
49197/udp open unknown
49209/udp open unknown
49340/udp open unknown
49343/udp open unknown

Port State Service
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
37/tcp open time
80/tcp open http
111/tcp open sunrpc
113/tcp open auth
135/tcp open loc-srv
382/tcp open hp-managed-node
512/tcp open exec
513/tcp open login
514/tcp open shell
515/tcp open printer
543/tcp open klogin
544/tcp open kshell
644/tcp open unknown
901/tcp open samba-swat
1508/tcp open diagmond
1712/tcp open unknown
2049/tcp filtered nfs
2121/tcp open unknown
2148/tcp open unknown
4045/tcp open lockd
4987/tcp open unknown
5300/tcp open hacl-hb
5301/tcp open hacl-gs
5302/tcp open hacl-cfg
5303/tcp open hacl-probe
5989/tcp open unknown
6112/tcp open dtspc
7161/tcp open unknown
7815/tcp open unknown
9610/tcp open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
49172/tcp open unknown
49192/tcp open unknown
49208/tcp open unknown
49243/tcp open unknown
49392/tcp open unknown
49396/tcp open unknown
49397/tcp open unknown
49450/tcp open unknown
49510/tcp open unknown
49511/tcp open unknown
51298/tcp open unknown
51300/tcp open unknown

How does one know whether the ports opened are required by OS especially those unknown ports?