LinuxQuestions.org
Old 10-07-2004, 12:49 AM   #1
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Rep: Reputation: 30
Curious open port on AIX 4.3.3 - RS/6000


Greetings,

I am running AIX 4.3.3...I just tried nmap'ing this RS/6000 box from another machine and the
following ports appear to be open:

PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
22/tcp open ssh
25/tcp open smtp
37/tcp open time
199/tcp open smux
587/tcp open submission
683/tcp open unknown
684/tcp open unknown
2049/tcp open nfs
2401/tcp open cvspserver
6112/tcp open dtspc
32777/tcp open sometimes-rpc17


Now I know that ssh (22) and nfs (2049) should be running...but what the heck are the rest of
these? Any thoughts, using AIX commands, on how to decipher them? I know that I should not
be running any kind of cvs server...

I ran rkhunter (v: 1.1.2) and nothing indicated a rooted hit of any kind...all the typical commands
looked fine (ps, w, ls, etc...)


I also wanted to look at the routing table: netstat -rn

# netstat -rn
Routing tables
Destination Gateway Flags Refs Use If PMTU Exp Groups

Route Tree for Protocol Family 2 (Internet):
default 1XX.XXX.XX.X UGc 0 0 en1 - -
--- some lines deleted... ----
82.53.90.249 1XX.XXX.XX.X UGHW 1 17 en1 - -
127/8 127.0.0.1 U 3 114956 lo0 - -

note: 1XX.XXX.XX.X = my normal gateway IP address.

The IP address 82.53.90.249 seems odd...I did a whois -v on it and it came up in ITALY...
and I am NOT in Italy. Does this mean that the machine is 'routed' through this Italian IP
address?

Any help is greatly appreciated...


zepp
 
Old 10-07-2004, 12:15 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
The entry you're looking at is a host entry (the H flag in UGHW), so all that routing entry is doing is telling the system that for traffic to 82.53.90.249, use your normal gateway as the gateway for the connection (the second field of the routing table is the gateway to use). Why you have a routing entry for some random host in Italy, I really couldn't tell you. You can always delete the entry from the routing table and keep an eye on it to see if it re-appears. But by itself, it isn't doing anything malicious that your system wouldn't normally do.
 
Old 10-07-2004, 12:17 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Moved: This thread is more suitable in the AIX Forum and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 10-07-2004, 12:54 PM   #4
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Original Poster
Rep: Reputation: 30
Thanks for the help, Capt...

Any thoughts on the open ports? Anything I should look for? I always have a more
difficult time parsing ports and determining the current "actionables" on AIX boxes
than in Linux...

thanks to one and all that can help...

zepp
 
Old 10-07-2004, 01:51 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Take a look at /etc/inetd.conf and comment out all the unneeded services (time, daytime, echo, chargen, etc. are common services in *nix that you can usually shut off). I'm not an AIX guy, so I'm not that familiar with it or its NFS implementation. You might have some luck identifying the unknowns using lsof -i or netstat -pa and track them down by their PID number. This might give you a little more AIX-centric help than I can offer:

http://www.blacksheepnetworks.com/se...-services.html
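
The /etc/inetd.conf review suggested in this reply, as an added example that is not part of the original post: the script lists which of the small services seen in the nmap output (echo, discard, daytime, chargen, time) are still enabled and writes a copy of the file with only those lines commented out. The sample file contents and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find and disable inetd "small services" in an inetd.conf copy.
# Ports are the ones from the nmap output in this thread; names are hypothetical.
SMALL='echo=7 discard=9 daytime=13 chargen=19 time=37'
AWK_INIT='BEGIN { n = split(small, kv, " ")
  for (i = 1; i <= n; i++) { split(kv[i], p, "="); port[p[1]] = p[2] } }'

# Constructed sample (not the poster's file). Field layout:
# service  socket-type  protocol  wait/nowait  user  server-program  arguments
sample_inetd_conf() {
cat <<'EOF'
## constructed sample inetd.conf
ftp      stream  tcp  nowait  root  /usr/sbin/ftpd      ftpd
#telnet  stream  tcp  nowait  root  /usr/sbin/telnetd   telnetd -a
echo     stream  tcp  nowait  root  internal
echo     dgram   udp  wait    root  internal
discard  stream  tcp  nowait  root  internal
chargen  stream  tcp  nowait  root  internal
daytime  stream  tcp  nowait  root  internal
time     stream  tcp  nowait  root  internal
dtspc    stream  tcp  nowait  root  /usr/dt/bin/dtspcd  /usr/dt/bin/dtspcd
EOF
}

# Every service inetd would still start: uncommented lines with >= 6 fields.
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# "port/proto service" for each enabled small service.
flag_small_services() {
    awk -v small="$SMALL" "$AWK_INIT"'
        !/^[ \t]*#/ && NF >= 6 && ($1 in port) { print port[$1] "/" $3, $1 }' "$1"
}

# Hardened copy on stdout: small-service lines commented out, rest unchanged.
disable_small_services() {
    awk -v small="$SMALL" "$AWK_INIT"'
        !/^[ \t]*#/ && NF >= 6 && ($1 in port) { print "#" $0; next }
        { print }' "$1"
}

conf=$(mktemp); hardened=$(mktemp)
sample_inetd_conf > "$conf"
echo "Enabled small services:";  flag_small_services "$conf"
disable_small_services "$conf" > "$hardened"
echo "Still enabled after edit:"; enabled_services "$hardened"
rm -f "$conf" "$hardened"
```

Whatever remains in the "still enabled" list (here the constructed ftp and dtspc entries) is what each needs its own keep-or-disable decision, and inetd only picks up an edited file once it re-reads its configuration.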
 
Old 10-07-2004, 02:34 PM   #6
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Original Poster
Rep: Reputation: 30
Capt once again provides THIS user with a wealth of useful information.

I have closed many of the open ports and look forward to a better night sleep (this
time with just one eye open... )

If anyone else can provide further references/help with AIX security, I am very
eager to learn...this OS has constantly been a source of thorns in the side regarding
its security...largely due to inexperience. Thanks

zep
 
Old 10-07-2004, 08:36 PM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Glad I could help you out.

Out of curiosity, how does it compare to other Unixes that you've used (BSD, Solaris, IRIX, etc.)?
 
Old 10-07-2004, 11:00 PM   #8
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Original Poster
Rep: Reputation: 30
(Un)fortunately I haven't had a lot of experience with other Unixes...I've used IRIX
a bit, but haven't spent a lot of time with it.

One other question:

After commenting out several lines in the /etc/inetd.conf file...I typed: refresh -s inetd

and I got the error:

# 0513-056 Timeout waiting for command response. If you specified a foreign host, see the /etc/inittab file on the foreign host to verify that the SRC daemon
(srcmstr) was started with the -r flag to accept remote requests.

I've never seen this error before...I tried uncommenting the lines I commented
in /etc/inetd.conf and no luck...it remains there.

Any thoughts, AIX'ers?
 
  


All times are GMT -5. The time now is 02:13 AM.
