1 |
2008/4/6 Kyle Liddell <kyle@××××××××××××××××.net>: |
2 |
> Have you tried passing the -p option to netstat? That should show you what program/pid opened each port. |
3 |
> |
4 |
> |
5 |
> On Sun, Apr 06, 2008 at 10:51:47PM +0200, Julien Cassette wrote: |
6 |
> > Hi, |
7 |
> > I see many lines similar to these ones in my netstat: |
8 |
> > |
9 |
> > tcp 0 0 localhost:9050 localhost:48065 |
10 |
> > TIME_WAIT - |
11 |
> > |
12 |
> |
13 |
> > Is it a security issue? |
14 |
> > |
15 |
> > Regards. |
16 |
> -- |
17 |
> gentoo-amd64@l.g.o mailing list |
18 |
> |
19 |
> |
20 |
|
21 |
Yes, I tried but obviously these sockets aren't owned by a particular program. |
22 |
See http://rafb.net/p/l7Ykp653.html |
23 |
|
24 |
|
25 |
2008/4/7 Duncan <1i5t5.duncan@×××.net>: |
26 |
> "Julien Cassette" <hazynrg@×××××.com> posted |
27 |
> 5c4f3a5c0804061351o7ab513d3u3934e26bf11104b8@××××××××××.com, excerpted |
28 |
> below, on Sun, 06 Apr 2008 22:51:47 +0200: |
29 |
> |
30 |
> Please kill the crap HTML. /That/ is a security issue, and folks aware |
31 |
> of it won't be using a (local at least) client that parses it let alone |
32 |
> spits it out, for that reason. The raw HTML then looks like crap, as the |
33 |
> above should demonstrate. |
34 |
|
35 |
I didn't know about this issue. |
36 |
And since GMail doesn't specify that I'm writing in HTML or text only, |
37 |
I just disabled advanced formatting but I'm not sure if it disables |
38 |
HTML. |
39 |
|
40 |
|
41 |
> Normally you'd not have so many localhost entries, but when you run a |
42 |
> local proxy (FWIW, I run privoxy here, but not tor, so am used to seeing |
43 |
> them from that), you do tend to get more as other things run thru it. If |
44 |
> you run a privoxy/tor chain, you'll have even more as you'll have both the |
45 |
> app/privoxy and the privoxy/tor connections, all on localhost (with the |
46 |
> tor/world connections as well, but those aren't localhost and would be |
47 |
> the same as direct app/world connections where no local proxy is used). |
48 |
> |
49 |
> Then there's the connection status. TIME_WAIT indicates a connection |
50 |
> that has been completed and mostly torn down, except the system has a |
51 |
> timeout on the final piece of the tear-down to keep anything else from |
52 |
> trying to use the same socket during the period packets may still be in |
53 |
> transit, thus keeping any potential new connection from getting mixed up |
54 |
> by packets arriving for the old one. That's why the sent/received count |
55 |
> is zero -- the connection is already torn down and the sent/received |
56 |
> information lost -- it's just waiting for the timeout. (This paragraph |
57 |
> may not be absolutely correct and definitely lacks detail, but it should |
58 |
> be sufficient from a security aware sysadmin's point of view, the way I |
59 |
> and presumably you approach it. If you want technically correct, the |
60 |
> RFCs are freely available. =8^) |
61 |
> |
62 |
|
63 |
OK, thanks =) |
64 |
-- |
65 |
gentoo-amd64@l.g.o mailing list |