| 1 |
2008/4/6 Kyle Liddell <kyle@××××××××××××××××.net>: |
| 2 |
> Have you tried passing the -p option to netstat? That should show you what program/pid opened each port. |
| 3 |
> |
| 4 |
> |
| 5 |
> On Sun, Apr 06, 2008 at 10:51:47PM +0200, Julien Cassette wrote: |
| 6 |
> > Hi, |
| 7 |
> > I see many lines similar to these ones in my netstat: |
| 8 |
> > |
| 9 |
> > tcp 0 0 localhost:9050 localhost:48065 |
| 10 |
> > TIME_WAIT - |
| 11 |
> > |
| 12 |
> |
| 13 |
> > Is it a security issue? |
| 14 |
> > |
| 15 |
> > Regards. |
| 16 |
> -- |
| 17 |
> gentoo-amd64@l.g.o mailing list |
| 18 |
> |
| 19 |
> |
| 20 |
|
| 21 |
Yes, I tried but obviously these sockets aren't owned by a particular program. |
| 22 |
See http://rafb.net/p/l7Ykp653.html |
| 23 |
|
| 24 |
|
| 25 |
2008/4/7 Duncan <1i5t5.duncan@×××.net>: |
| 26 |
> "Julien Cassette" <hazynrg@×××××.com> posted |
| 27 |
> 5c4f3a5c0804061351o7ab513d3u3934e26bf11104b8@××××××××××.com, excerpted |
| 28 |
> below, on Sun, 06 Apr 2008 22:51:47 +0200: |
| 29 |
> |
| 30 |
> Please kill the crap HTML. /That/ is a security issue, and folks aware |
| 31 |
> of it won't be using a (local at least) client that parses it let alone |
| 32 |
> spits it out, for that reason. The raw HTML then looks like crap, as the |
| 33 |
> above should demonstrate. |
| 34 |
|
| 35 |
I didn't know about this issue. |
| 36 |
And since GMail doesn't specify that I'm writing in HTML or text only, |
| 37 |
I just disabled advanced formatting but I'm not sure if it disables |
| 38 |
HTML. |
| 39 |
|
| 40 |
|
| 41 |
> Normally you'd not have so many localhost entries, but when you run a |
| 42 |
> local proxy (FWIW, I run privoxy here, but not tor, so am used to seeing |
| 43 |
> them from that), you do tend to get more as other things run thru it. If |
| 44 |
> you run a privoxy/tor chain, you'll have even more as you'll have both the |
| 45 |
> app/privoxy and the privoxy/tor connections, all on localhost (with the |
| 46 |
> tor/world connections as well, but those aren't localhost and would be |
| 47 |
> the same as direct app/world connections where no local proxy is used). |
| 48 |
> |
| 49 |
> Then there's the connection status. TIME_WAIT indicates a connection |
| 50 |
> that has been completed and mostly torn down, except the system has a |
| 51 |
> timeout on the final piece of the tear-down to keep anything else from |
| 52 |
> trying to use the same socket during the period packets may still be in |
| 53 |
> transit, thus keeping any potential new connection from getting mixed up |
| 54 |
> by packets arriving for the old one. That's why the sent/received count |
| 55 |
> is zero -- the connection is already torn down and the sent/received |
| 56 |
> information lost -- it's just waiting for the timeout. (This paragraph |
| 57 |
> may not be absolutely correct and definitely lacks detail, but it should |
| 58 |
> be sufficient from a security aware sysadmin's point of view, the way I |
| 59 |
> and presumably you approach it. If you want technically correct, the |
| 60 |
> RFCs are freely available. =8^) |
| 61 |
> |
| 62 |
|
| 63 |
OK, thanks =) |
| 64 |
-- |
| 65 |
gentoo-amd64@l.g.o mailing list |
Archives