Operating System - HP-UX

Re: Is the system really secure

 
Asad Malik
Frequent Advisor

Is the system really secure

Hi
We are running a trusted system. If I run the netstat -n command, it shows only connections that are "Established" in the "state" column, and the socket (IP address.port#) is shown under the column "Foreign Address". If I run the netstat command with the options -an, then I see *.* under Foreign Address and the status is LISTEN. Are these the passive sockets, and are they not a security threat to the system?
Any explanation will be appreciated.

Thanks
Kofi ARTHIABAH
Honored Contributor

Re: Is the system really secure

Asad:

The system may not necessarily be secure... When you run netstat -an you get a listing telling you what services are running (are listening). Any service (look under Local Address) that has a LISTEN against it is a service running.

You can use the lsof tool to determine what processes own what sockets.

ESTABLISHED only shows up when there is an actual connection to the port between the localhost and the remote host.

Do a man on netstat for more details on what each of the statuses means.

nothing wrong with me that a few lines of code cannot fix!
Asad Malik
Frequent Advisor

Re: Is the system really secure

In the column "Local Address" of the netstat -an command, if it shows something like *.49263 or *.53341 and these port numbers do not exist in the /etc/services file, will there be a connection?
Does the service have to be mentioned in the /etc/services file and configured in the /etc/inetd.conf file?
Kofi ARTHIABAH
Honored Contributor

Re: Is the system really secure

Asad:

Yes, there is a program running that is listening on ports 49263 and 53341 - it is not necessary for the port to be listed in /etc/services or listed in inetd.conf before it is used by a program.

To confirm what program is listening on the identified ports, download lsof from http://hpux.ee.ualberta.ca/hppd/hpux/Sysadmin/lsof-4.51/
You can use lsof to determine what files and ports are opened by what process.

nothing wrong with me that a few lines of code cannot fix!
CHRIS_ANORUO
Honored Contributor

Re: Is the system really secure

In addition to Kofi's contribution, the ports in use, both for local addresses and foreign addresses, are the numbers after the addresses (e.g. w.x.y.z.number, where w.x.y.z is the IP address).

When We Seek To Discover The Best In Others, We Somehow Bring Out The Best In Ourselves.
Asad Malik
Frequent Advisor

Re: Is the system really secure

Hi Guys
One last point to clear: if a port is open and the state is LISTEN, will a connection only be established on that port for the service that is configured in the /etc/inetd.conf file?
Or can the said port be used to access the system in some other way?
Kofi ARTHIABAH
Honored Contributor

Re: Is the system really secure

Once the port is open, it does not have to be defined in /etc/inetd.conf before it can be connected to remotely.

If you do a
telnet localhost port
(where port is the port number it is listening on) you should get a connection - the results might not mean anything to you if you do not know what program is running on that port... that is why if you use lsof to find out what is running on that port, you can better know what to expect.
nothing wrong with me that a few lines of code cannot fix!
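
Added example (not part of the thread and not any poster's code): a shell function that applies the replies' point by reading netstat -an output in the HP-UX address.port form and marking every LISTEN port that has no /etc/services entry. The function names, the sample netstat lines and the services entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `netstat -an` output on stdin and
# prints "proto bind-address port service" for every LISTEN socket. A port with
# no entry in the services file is marked UNLISTED; it still accepts
# connections, so look up its owner, e.g. with: lsof -i tcp:49263
list_listeners() {
    services_file=${1:-/etc/services}
    awk -v svc="$services_file" '
        FILENAME == svc {                 # first input: the services file
            sub(/#.*/, "")                # drop comments
            if (NF >= 2 && !($2 in name)) name[$2] = $1   # name["23/tcp"] = "telnet"
            next
        }
        $NF == "LISTEN" {                 # second input: netstat -an on stdin
            proto = $1
            laddr = $4                    # HP-UX style address.port, e.g. *.23
            match(laddr, /\.[^.]*$/)      # the port follows the last dot
            addr = substr(laddr, 1, RSTART - 1)
            port = substr(laddr, RSTART + 1)
            key = port "/" proto
            print proto, addr, port, ((key in name) ? name[key] : "UNLISTED")
        }
    ' "$services_file" -
}

# Constructed sample data (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.23                   *.*                    LISTEN
tcp        0      0  *.49263                *.*                    LISTEN
tcp        0      0  127.0.0.1.6010         *.*                    LISTEN
tcp        0      0  192.0.2.10.23          192.0.2.50.1045        ESTABLISHED
EOF
}

demo() {
    tmp=$(mktemp)
    printf 'telnet 23/tcp  # constructed entry\nsmtp 25/tcp\n' > "$tmp"
    sample_netstat | list_listeners "$tmp"
    rm -f "$tmp"
}

demo
```

On a live host the equivalent call is netstat -an | list_listeners /etc/services; a bind address of * means the port is reachable on every interface, while 127.0.0.1 is local only.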