LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-01-2007, 10:03 AM   #1
rajat83
LQ Newbie
 
Registered: Apr 2007
Posts: 20

Rep: Reputation: 0
netstat to check buffer overflow


Hey folks,
I am a newbie in linux and I m facin a prob of buffer overflow on my specific port suppose 6060 , So I talked to one of my friend he suggest me command netstat --inet -a |grep 6060command to check the overflow ,I get the output pasted below
udp 0 0 *:6060 *:*



But somehow I am not able to detect how can i recognize the overflow.


Then I hv tried one more command netstat -anep| grep 6060
output is udp 1740 0 0.0.0.0:6060 0.0.0.0:* 0 23093916 21961/java

Again I m not able to understand the output.......

If anyone can suugest what is goin on ...then it wud be a gr8 help


Thanx in advance
 
Old 06-03-2007, 11:19 AM   #2
Valkyrie_of_valhalla
Member
 
Registered: Jan 2006
Location: Romania
Distribution: Suse 12.0, Slackware 12.1, Debian, Ubuntu, Gentoo
Posts: 301

Rep: Reputation: 30
well, the netstat command can only help you in identifying the process, the port it listens on and from who does it accept packages.

I can only help you with understanding the output.
udp - the protocol it accepts (it can recieve only udp packages)
1740 - "The count of bytes not copied by the user program connected to this socket." (quote from the man page) - this might suggest a buffer overflow, or the fact that it is still reading and processing the package. Check if the number changes.
0 0.0.0.0:6060 - it accepts packages with any destination if they reach the port 6060 on this computer
0.0.0.0:* - it accepts packages from any computer
0 - it runs as root
23093916 - the program's inode
21961/java - this is the pid and the application of the program listening on this port.

So, are you running any java program? Check the processes you are running, and find out what the problematic program is. This might help http://www.cs.columbia.edu/~akonstan/javaps/

If you find it, see if you really need it. If not, you can disable it. Otherwise, upgrade it, if you are sure there is a security issue. It might be solved in the next release.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Buffer overflow and ip spoofing Ephracis Linux - Security 10 12-07-2004 06:39 PM
What is a buffer overflow Joey.Dale Linux - Security 4 07-12-2004 06:12 PM
Buffer Overflow pymehta Linux - Security 7 02-24-2004 02:19 PM
buffer overflow cxel91a Programming 3 08-14-2003 06:23 PM
Q. What is a buffer overflow? auslew Linux - Security 2 11-08-2002 06:36 AM


All times are GMT -5. The time now is 06:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration