LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author]
  From: Alan Kennington <akenning@dog.topology.org>
  To  : justin@sprawl.com.au
  Date: Sat, 6 Nov 1999 17:56:03 +1030

Re: UDP port 752 does what?

Justin,

I am continually surprised by the huge number of
very useful tools in Linux.
I didn't even know about this "lsof" function.
This also makes me wonder how many hundreds of
other functions are out there waiting for
discovery.

Anyway, I tried the lsof command as you stated,
and got:

==============================================
emu emu/akenning# lsof -i UDP:752
COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
rpc.mount 151 root    5u  inet    127       UDP *:752
emu emu/akenning#
==============================================

I guess this means that a mount daemon is listening
on port 752, and that's what replied to the attacker.
That clarifies the situation completely.

The log file had huge messages about what
the attacker tried to mount -- file names
consisting of about 1000 binary chars,
obviously an attempt to execute something on
an overflowed stack. Some OS somewhere must
be vulnerable to this.

Regards,
and thanks...
Alan Kennington.

PS. It's going to take me a week to
wade through all the other options of "lsof".

-- 
Check out the LinuxSA web pages at http://www.linuxsa.org.au/
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
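
The log check this message points at, as an added example that is not part of the original post: flag mount requests whose path is oversized or mostly binary. The log line shape, the "mountd" tag, the thresholds and the sample lines are assumptions constructed for illustration; real mountd log wording varies by version.

```python
import re

# Assumed log shape (constructed, not from the original message):
#   "<timestamp> <host> mountd[<pid>]: mount request from <ip> for <path>"
REQ = re.compile(rb"mountd\[\d+\]: mount request from (\S+) for (.*)$", re.S)

MAX_PATH = 255          # assumed threshold; tune to the longest real export path
MAX_BINARY_RATIO = 0.1  # assumed: allowed share of bytes outside printable ASCII


def binary_ratio(path: bytes) -> float:
    """Fraction of bytes that are not printable ASCII (0x20-0x7e)."""
    if not path:
        return 0.0
    return sum(1 for b in path if b < 0x20 or b > 0x7E) / len(path)


def suspicious_mount_requests(lines):
    """Return (source, path_length, reasons) for each request worth a look."""
    hits = []
    for line in lines:
        m = REQ.search(line.rstrip(b"\r\n"))
        if not m:
            continue  # not a mount request line
        source, path = m.group(1).decode("ascii", "replace"), m.group(2)
        reasons = []
        if len(path) > MAX_PATH:
            reasons.append("oversized path")
        if binary_ratio(path) > MAX_BINARY_RATIO:
            reasons.append("binary data in path")
        if reasons:
            hits.append((source, len(path), reasons))
    return hits


# Constructed sample input: one ordinary request, one ~1000-byte binary path,
# and one unrelated line that must be ignored.
BLOB = bytes(0x80 + (i % 0x40) for i in range(1000))
SAMPLE_LOG = [
    b"Nov  6 03:12:44 emu mountd[151]: mount request from 192.0.2.10 for /home/export\n",
    b"Nov  6 03:12:51 emu mountd[151]: mount request from 192.0.2.77 for /" + BLOB + b"\n",
    b"Nov  6 03:13:02 emu sshd[201]: session opened for user akenning\n",
]

if __name__ == "__main__":
    for source, length, reasons in suspicious_mount_requests(SAMPLE_LOG):
        print(f"{source}: {length}-byte path ({', '.join(reasons)})")
```

Reading the log as bytes matters here: decoding it as text first would mangle or reject exactly the lines the check is meant to catch.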

