xinetd.d listening twice on port 69
Mark Sargent
powderkeg at snow.email.ne.jp
Thu Apr 7 04:25:27 UTC 2005
Mark Sargent wrote:
> David Curry wrote:
>
>> Mark Sargent wrote:
>>
>>> David Curry wrote:
>>>
>>>> Andy Green wrote:
>>>>
>>>>>
>>>>> But I am still bemused by the two listening sockets on the same port
>>>>> being possible. Maybe it is some kind of cool load balancing
>>>>> feature I
>>>>> never heard of. Can anyone else here explain how it can be?
>>>>>
>>>>> - -Andy
>>>>
>>>>
>>>>
>>>>
>>>> May be this is a dumb question from a clueless neophyte, but does
>>>> the phenomenon constitute a security problem that needs to be
>>>> addressed?
>>>>
>>> Hi All,
>>>
>>> David, do you mean as to how the file /etc/xine.conf came to have
>>> the data regarding tftp.? It is rather interesting that it did, as I
>>> most certainly didn't add it. I even reproduced the installation
>>> process, of both the rpm install, and the original install, via yum,
>>> and neither add anything to the .conf of xinetd. They only add tftp
>>> files to xinetd.d. Cheers.
>>>
>>> Mark Sargent.
>>>
>> In part, yes. The question had dual context. One dimension was
>> whether your situation arose from being hacked. The other more
>> general context was whther or not dual listening on a port presented
>> an opportunity for security exploit.
>>
> Hi All,
>
> ok, I'm gonna go a little off-topic here, maybe. When I 1st started at
> this company 3mths ago, about the 2nd week, I think, I posted a lot
> on Cisco's forums, as I was hired by a hardware reseller to
> reinstall/reset to defaults etc Cisco switches/routers. Now, I'm not a
> pro, as I was intro'd to this job by 2 friends, both CCNPs who work in
> IT here in Tokyo. They know the shop owner. Anyway, back to that 2nd
> week, and after I had posted something on Cisco's forum, I think
> perhaps the next day, I did a google for something that was similar to
> the post I had posted. Anyway, that post, or part of it, appeared as
> one of goolge's finds, only, that the post had this as the lead in to
> what "I" had "wrote". "If only my employer knew how long I was
> spending on the cisco forums". And the rest was from my post. Now, I
> thought, woah, what the.....but, well, just put it down to, well,
> something weird. Anyway, I don't know if it's related or not. My firm
> has no real data that is worth hacking, that I can think of, but,
> well, one never knows. My PC is running Firestarter and is also behind
> a router with it's firewall set. I've even tested it at the security
> testing sites. Ah, well, as I said, probably off-topic, eh. Cheers.
>
> Mark Sargent.
>
Hi All,
well, this just keeps improving. Now, with only 1 instance of xinetd
listening on port 69 udp and tftp definitely installed,
[root at localhost ~]# netstat -nutlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign
Address State PID/Program name
tcp 0 0 0.0.0.0:22273
0.0.0.0:* LISTEN 5254/jserver
tcp 0 0 0.0.0.0:32769
0.0.0.0:* LISTEN 4651/rpc.statd
tcp 0 0 0.0.0.0:2500
0.0.0.0:* LISTEN 5112/xinetd
tcp 0 0 0.0.0.0:3306
0.0.0.0:* LISTEN 5297/mysqld
tcp 0 0 0.0.0.0:110
0.0.0.0:* LISTEN 5112/xinetd
tcp 0 0 0.0.0.0:111
0.0.0.0:* LISTEN 4631/portmap
tcp 0 0 0.0.0.0:10000
0.0.0.0:* LISTEN 5467/perl
tcp 0 0 127.0.0.1:631
0.0.0.0:* LISTEN 4938/cupsd
tcp 0 0 127.0.0.1:5335
0.0.0.0:* LISTEN 4904/mDNSResponder
tcp 0 0 127.0.0.1:25
0.0.0.0:* LISTEN 5132/sendmail: acce
tcp 0 0 :::80
:::* LISTEN 5163/httpd
tcp 0 0 :::22
:::* LISTEN 5101/sshd
udp 0 0 0.0.0.0:32768 0.0.0.0:*
4651/rpc.statd
udp 0 0 0.0.0.0:10000 0.0.0.0:* 5467/perl
udp 0 0 0.0.0.0:69 0.0.0.0:*
5112/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:*
4904/mDNSResponder
udp 0 0 0.0.0.0:5353 0.0.0.0:*
4904/mDNSResponder
udp 0 0 0.0.0.0:111 0.0.0.0:*
4631/portmap
udp 0 0 0.0.0.0:1011 0.0.0.0:*
4651/rpc.statd
udp 0 0 0.0.0.0:631 0.0.0.0:* 4938/cupsd
[root at localhost ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file
transfer # protocol. The tftp protocol is often used to boot diskless
# workstations, download configuration files to network-aware
printers, # and to start the installation process for some operating
systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -c -s /tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
[root at localhost ~]# cd /usr/sbin
[root at localhost sbin]# ls
accept nfsstat
accton nhfsgraph
acpid nhfsnums
adduser nhfsrun
adsl-connect nhfsstone
adsl-setup nmbd
adsl-start nscd
adsl-status nstat
adsl-stop ntpd
alsactl ntpdate
alternatives ntpdc
anacron ntp-keygen
apachectl ntpq
apmd ntptime
arping ntptrace
atd ntp-wait
atrun ntsysv
authconfig packer
automount pcbitctl
avcstat ping6
avmcapictrl pmap_dump
bonobo-activation-sysconf pmap_set
build-locale-archive pppd
cannakill pppdump
cannaserver pppoe
capiinit pppoe-relay
capinfos pppoe-server
chat pppoe-sniff
chkfontpath pppstats
chpasswd praliases
chroot prelink
clockdiff printconf
convertquota printconf-backend
cpfs.reiserfs printconf-tui
cpuspeed pvchange
crond pvcreate
cupsaccept pvdisplay
cupsaddsmb pvmove
cupsd pvremove
cupsreject pvresize
dbconverter-2 pvs
dbskkd-cdb pvscan
ddcprobe pwck
dftest pwconv
dhcpd pwmconfig
dhcrelay pwunconv
dmidecode qtparted
dongle_attach quotastats
dump-acct ramsize
dump-utmp rcapid
editcap rdev
edquota rdistd
ethereal readahead
ethtool readprofile
execcap reject
exportfs repquota
ext2online resizefs.reiserfs
fancontrol rhn_check
fancontrol.pl rhn_register
fbset rhnreg_ks
filefrag rhnsd
findchip rootflags
firestarter rotatelogs
firstboot rpc.gssd
fix-mouse-psaux rpc.idmapd
foomatic-addpjloptions rpcinfo
foomatic-fix-xml rpc.mountd
foomatic-getpjloptions rpc.nfsd
foomatic-kitload rpc.rquotad
foomatic-nonumericalids rpc.svcgssd
foomatic-ppdload rtacct
foomatic-preferred-driver rtstat
foomatic-printermap-to-gimp-print-xml run_init
foomatic-replaceoldprinterids run_qtparted
fstab-sync sa
gdmconfig safe_finger
gdm-restart saned
gdm-safe-restart sasl2-shared-mechlist
gdmsetup sasl2-static-mechlist
gdm-stop saslauthd
genhomedircon saslauthd1-checkpass
getenforce sasldblistusers
getpcaps sasldblistusers2
getsebool saslpasswd
glibc_post_upgrade saslpasswd2
glibc_post_upgrade.i686 selinuxenabled
gnome-pty-helper sendmail
gpm sendmail.sendmail
groupadd sensors-detect
groupdel serviceconf
groupmod sesh
grpck sestatus
grpconv setenforce
grpunconv setfiles
hald setpcaps
hardlink setquota
hisaxctrl setsebool
hotsmtpd setup
hotwayd showmount
htt siggen
httpd smartctl
httpd.worker smartd
htt_server smartd-conf.py
hwclock smbd
i2cdetect smrsh
i2cdump snmpd
i2cset snmptrapd
ibod ss
icnctrl sshd
iconvconfig stunnel
iconvconfig.i686 sucap
idl2eth suexec
imon system-cdinstall-helper
imontty system-config-kickstart
inetdconvert system-config-network
inputattach system-config-network-cmd
internet-druid system-config-network-druid
in.tftpd system-config-network-gui
ipppd system-config-network-tui
ipppstats system-config-packages
iprofd system-config-printer
irattach system-config-printer-tui
irdaping system-config-services
irqbalance system-install-packages
isadump sys-unconfig
isaset tcpd
isdnctrl tcpdump
isdndial tcpslice
isdnhangup testsaslauthd
isdnlog tethereal
isdnstatus text2pcap
javaconfig tickadj
kbdrate timeconfig
ksconfig tmpwatch
kudzu togglesebool
lchage tracepath
lgroupadd tracepath6
lgroupdel traceroute
lgroupmod traceroute6
libgcc_post_upgrade tripwire
lid try-from
lnewusers tunefs.reiserfs
load_policy tunelp
lockdev twadmin
logrotate twprint
logwatch up2date
lokkit up2date-config
longrun up2date-nox
loopctrl update-alternatives
lpadmin useradd
lpasswd userdel
lpc userhelper
lpc.cups userisdnctl
lpinfo usermod
lpmove usernetctl
lsof utempter
luseradd vboxd
luserdel vgcfgbackup
lusermod vgcfgrestore
lvchange vgchange
lvcreate vgck
lvdisplay vgconvert
lvextend vgcreate
lvm vgdisplay
lvmchange vgexport
lvmdiskscan vgextend
lvmsadc vgimport
lvmsar vgmerge
lvreduce vgmknodes
lvremove vgreduce
lvrename vgremove
lvresize vgrename
lvs vgs
lvscan vgscan
mailstats vgsplit
makemap vidmode
mergecap vigr
mkdict vipw
mklost+found visudo
mksock warnquota
mkzonedb winbindd
modeline2fb x86info
module_upgrade xinetd
mouseconfig yppoll
mtr ypset
neat yptest
neat-tui zdump
netconfig zic
newusers
it is now not working. If I try to put a file from say host pc /tftptest
to /tftpboot or if I try to upload a file from a switch nothing happens,
Switch#copy start tftp
Address or name of remote host []? 192.168.168.12
Destination filename [switch-confg]?
Switch#
[root at localhost ~]# tftp
tftp> connect
(to) 192.168.168.12
tftp> status
Connected to 192.168.168.12.
Mode: netascii Verbose: off Tracing: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> put /tftptest /tftpboot
tftp>
Now, I can definitely ping from/to the pc/switch. Firewall allows
connection. /tftptest permissions,
[root at localhost ~]# ls -alh /tftptest
-rwxrwxrwx 1 root root 0 Apr 7 13:20 /tftptest
Does someone upstairs not want me to be able to tftp..? Driving me nutz.
Cheers.
Mark Sargent.
More information about the users
mailing list