Mark Sargent wrote:
David Curry wrote:
Mark Sargent wrote:
In part, yes. The question had dual context. One dimension was whether your situation arose from being hacked. The other more general context was whther or not dual listening on a port presented an opportunity for security exploit.David Curry wrote:
Andy Green wrote:
But I am still bemused by the two listening sockets on the same port
being possible. Maybe it is some kind of cool load balancing feature I
never heard of. Can anyone else here explain how it can be?
- -Andy
May be this is a dumb question from a clueless neophyte, but does the phenomenon constitute a security problem that needs to be addressed?
Hi All,
David, do you mean as to how the file /etc/xine.conf came to have the data regarding tftp.? It is rather interesting that it did, as I most certainly didn't add it. I even reproduced the installation process, of both the rpm install, and the original install, via yum, and neither add anything to the .conf of xinetd. They only add tftp files to xinetd.d. Cheers.
Mark Sargent.
Hi All,
ok, I'm gonna go a little off-topic here, maybe. When I 1st started at this company 3mths ago, about the 2nd week, I think, I posted a lot on Cisco's forums, as I was hired by a hardware reseller to reinstall/reset to defaults etc Cisco switches/routers. Now, I'm not a pro, as I was intro'd to this job by 2 friends, both CCNPs who work in IT here in Tokyo. They know the shop owner. Anyway, back to that 2nd week, and after I had posted something on Cisco's forum, I think perhaps the next day, I did a google for something that was similar to the post I had posted. Anyway, that post, or part of it, appeared as one of goolge's finds, only, that the post had this as the lead in to what "I" had "wrote". "If only my employer knew how long I was spending on the cisco forums". And the rest was from my post. Now, I thought, woah, what the.....but, well, just put it down to, well, something weird. Anyway, I don't know if it's related or not. My firm has no real data that is worth hacking, that I can think of, but, well, one never knows. My PC is running Firestarter and is also behind a router with it's firewall set. I've even tested it at the security testing sites. Ah, well, as I said, probably off-topic, eh. Cheers.
Mark Sargent.
Hi All,
well, this just keeps improving. Now, with only 1 instance of xinetd listening on port 69 udp and tftp definitely installed,
[root@localhost ~]# netstat -nutlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22273 0.0.0.0:* LISTEN 5254/jserver
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN 4651/rpc.statd
tcp 0 0 0.0.0.0:2500 0.0.0.0:* LISTEN 5112/xinetd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 5297/mysqld
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 5112/xinetd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 4631/portmap
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 5467/perl
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 4938/cupsd
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LISTEN 4904/mDNSResponder
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 5132/sendmail: acce
tcp 0 0 :::80 :::* LISTEN 5163/httpd
tcp 0 0 :::22 :::* LISTEN 5101/sshd
udp 0 0 0.0.0.0:32768 0.0.0.0:* 4651/rpc.statd
udp 0 0 0.0.0.0:10000 0.0.0.0:* 5467/perl
udp 0 0 0.0.0.0:69 0.0.0.0:* 5112/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 4904/mDNSResponder
udp 0 0 0.0.0.0:5353 0.0.0.0:* 4904/mDNSResponder
udp 0 0 0.0.0.0:111 0.0.0.0:* 4631/portmap
udp 0 0 0.0.0.0:1011 0.0.0.0:* 4651/rpc.statd
udp 0 0 0.0.0.0:631 0.0.0.0:* 4938/cupsd
[root@localhost ~]# cat /etc/xinetd.d/tftp
# default: off
# description: The tftp server serves files using the trivial file transfer # protocol. The tftp protocol is often used to boot diskless # workstations, download configuration files to network-aware printers, # and to start the installation process for some operating systems.
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -c -s /tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
[root@localhost ~]# cd /usr/sbin
[root@localhost sbin]# ls
accept nfsstat
accton nhfsgraph
acpid nhfsnums
adduser nhfsrun
adsl-connect nhfsstone
adsl-setup nmbd
adsl-start nscd
adsl-status nstat
adsl-stop ntpd
alsactl ntpdate
alternatives ntpdc
anacron ntp-keygen
apachectl ntpq
apmd ntptime
arping ntptrace
atd ntp-wait
atrun ntsysv
authconfig packer
automount pcbitctl
avcstat ping6
avmcapictrl pmap_dump
bonobo-activation-sysconf pmap_set
build-locale-archive pppd
cannakill pppdump
cannaserver pppoe
capiinit pppoe-relay
capinfos pppoe-server
chat pppoe-sniff
chkfontpath pppstats
chpasswd praliases
chroot prelink
clockdiff printconf
convertquota printconf-backend
cpfs.reiserfs printconf-tui
cpuspeed pvchange
crond pvcreate
cupsaccept pvdisplay
cupsaddsmb pvmove
cupsd pvremove
cupsreject pvresize
dbconverter-2 pvs
dbskkd-cdb pvscan
ddcprobe pwck
dftest pwconv
dhcpd pwmconfig
dhcrelay pwunconv
dmidecode qtparted
dongle_attach quotastats
dump-acct ramsize
dump-utmp rcapid
editcap rdev
edquota rdistd
ethereal readahead
ethtool readprofile
execcap reject
exportfs repquota
ext2online resizefs.reiserfs
fancontrol rhn_check
fancontrol.pl rhn_register
fbset rhnreg_ks
filefrag rhnsd
findchip rootflags
firestarter rotatelogs
firstboot rpc.gssd
fix-mouse-psaux rpc.idmapd
foomatic-addpjloptions rpcinfo
foomatic-fix-xml rpc.mountd
foomatic-getpjloptions rpc.nfsd
foomatic-kitload rpc.rquotad
foomatic-nonumericalids rpc.svcgssd
foomatic-ppdload rtacct
foomatic-preferred-driver rtstat
foomatic-printermap-to-gimp-print-xml run_init
foomatic-replaceoldprinterids run_qtparted
fstab-sync sa
gdmconfig safe_finger
gdm-restart saned
gdm-safe-restart sasl2-shared-mechlist
gdmsetup sasl2-static-mechlist
gdm-stop saslauthd
genhomedircon saslauthd1-checkpass
getenforce sasldblistusers
getpcaps sasldblistusers2
getsebool saslpasswd
glibc_post_upgrade saslpasswd2
glibc_post_upgrade.i686 selinuxenabled
gnome-pty-helper sendmail
gpm sendmail.sendmail
groupadd sensors-detect
groupdel serviceconf
groupmod sesh
grpck sestatus
grpconv setenforce
grpunconv setfiles
hald setpcaps
hardlink setquota
hisaxctrl setsebool
hotsmtpd setup
hotwayd showmount
htt siggen
httpd smartctl
httpd.worker smartd
htt_server smartd-conf.py
hwclock smbd
i2cdetect smrsh
i2cdump snmpd
i2cset snmptrapd
ibod ss
icnctrl sshd
iconvconfig stunnel
iconvconfig.i686 sucap
idl2eth suexec
imon system-cdinstall-helper
imontty system-config-kickstart
inetdconvert system-config-network
inputattach system-config-network-cmd
internet-druid system-config-network-druid
in.tftpd system-config-network-gui
ipppd system-config-network-tui
ipppstats system-config-packages
iprofd system-config-printer
irattach system-config-printer-tui
irdaping system-config-services
irqbalance system-install-packages
isadump sys-unconfig
isaset tcpd
isdnctrl tcpdump
isdndial tcpslice
isdnhangup testsaslauthd
isdnlog tethereal
isdnstatus text2pcap
javaconfig tickadj
kbdrate timeconfig
ksconfig tmpwatch
kudzu togglesebool
lchage tracepath
lgroupadd tracepath6
lgroupdel traceroute
lgroupmod traceroute6
libgcc_post_upgrade tripwire
lid try-from
lnewusers tunefs.reiserfs
load_policy tunelp
lockdev twadmin
logrotate twprint
logwatch up2date
lokkit up2date-config
longrun up2date-nox
loopctrl update-alternatives
lpadmin useradd
lpasswd userdel
lpc userhelper
lpc.cups userisdnctl
lpinfo usermod
lpmove usernetctl
lsof utempter
luseradd vboxd
luserdel vgcfgbackup
lusermod vgcfgrestore
lvchange vgchange
lvcreate vgck
lvdisplay vgconvert
lvextend vgcreate
lvm vgdisplay
lvmchange vgexport
lvmdiskscan vgextend
lvmsadc vgimport
lvmsar vgmerge
lvreduce vgmknodes
lvremove vgreduce
lvrename vgremove
lvresize vgrename
lvs vgs
lvscan vgscan
mailstats vgsplit
makemap vidmode
mergecap vigr
mkdict vipw
mklost+found visudo
mksock warnquota
mkzonedb winbindd
modeline2fb x86info
module_upgrade xinetd
mouseconfig yppoll
mtr ypset
neat yptest
neat-tui zdump
netconfig zic
newusers
it is now not working. If I try to put a file from say host pc /tftptest to /tftpboot or if I try to upload a file from a switch nothing happens,
Switch#copy start tftp Address or name of remote host []? 192.168.168.12 Destination filename [switch-confg]? Switch#
[root@localhost ~]# tftp tftp> connect (to) 192.168.168.12 tftp> status Connected to 192.168.168.12. Mode: netascii Verbose: off Tracing: off Rexmt-interval: 5 seconds, Max-timeout: 25 seconds tftp> put /tftptest /tftpboot tftp>
Now, I can definitely ping from/to the pc/switch. Firewall allows connection. /tftptest permissions,
[root@localhost ~]# ls -alh /tftptest -rwxrwxrwx 1 root root 0 Apr 7 13:20 /tftptest
Does someone upstairs not want me to be able to tftp..? Driving me nutz. Cheers.
Mark Sargent.
