Hi,
Just out of curiosity I ran this on my home PC while logged into JDS:
netstat -an | grep LISTEN
and was greeted with output that contained the following snippet:
...
*.64093 *.* 0 0 49152 0 LISTEN
*.33972 *.* 0 0 49152 0 LISTEN
*.56981 *.* 0 0 49152 0 LISTEN
*.49856 *.* 0 0 49152 0 LISTEN
*.39114 *.* 0 0 49152 0 LISTEN
*.54098 *.* 0 0 49152 0 LISTEN
*.36067 *.* 0 0 49152 0 LISTEN
*.53776 *.* 0 0 49152 0 LISTEN
*.58907 *.* 0 0 49152 0 LISTEN
*.33261 *.* 0 0 49152 0 LISTEN
*.36926 *.* 0 0 49152 0 LISTEN
*.55694 *.* 0 0 49152 0 LISTEN
*.53715 *.* 0 0 49152 0 LISTEN
*.59572 *.* 0 0 49152 0 LISTEN
*.62834 *.* 0 0 49152 0 LISTEN
*.52235 *.* 0 0 49152 0 LISTEN
*.61644 *.* 0 0 49152 0 LISTEN
*.41538 *.* 0 0 49152 0 LISTEN
...
Lotsa ephemeral open ports listening on all interfaces! After a little
scripting around pfiles this is what I get:
...
sockname: AF_INET 0.0.0.0 port: 64093
moinakg 575 1 0 19:37:27 ? 0:01 /usr/lib/gconfd-2 13
sockname: AF_INET 0.0.0.0 port: 36067
moinakg 600 1 0 19:37:30 ? 0:01 gnome-panel --sm-client-id default1
sockname: AF_INET 0.0.0.0 port: 54098
moinakg 597 1 1 19:37:29 ? 0:05 /usr/bin/metacity --sm-client-id=default0
sockname: AF_INET 0.0.0.0 port: 39114
moinakg 589 1 0 19:37:28 ? 0:00 /usr/lib/gnome-settings-daemon
sockname: AF_INET 0.0.0.0 port: 53776
moinakg 602 1 0 19:37:30 ? 0:01 nautilus --no-default-window --sm-client-id default2
sockname: AF_INET 0.0.0.0 port: 36926
moinakg 604 1 0 19:37:30 ? 0:00 /usr/lib/bonobo-activation-server --ac-activate --ior-output-fd=19
sockname: AF_INET 0.0.0.0 port: 55694
moinakg 615 1 0 19:37:32 ? 0:04 /usr/lib/wnck-applet --oaf-activate-iid=OAFIID:GNOME_Wncklet_Factory --oaf-ior-
sockname: AF_INET 0.0.0.0 port: 33261
moinakg 611 1 0 19:37:30 ? 0:00 /usr/lib/gnome-volume-manager --sm-disable
sockname: AF_INET 0.0.0.0 port: 58907
moinakg 610 1 0 19:37:30 ? 0:00 /usr/lib/gnome-vfs-daemon
sockname: AF_INET 0.0.0.0 port: 62834
moinakg 625 1 0 19:37:32 ? 0:00 /usr/lib/trashapplet --oaf-activate-iid=OAFIID:GNOME_Panel_TrashApplet_Factory
sockname: AF_INET 0.0.0.0 port: 52235
sockname: AF_INET 0.0.0.0 port: 0
moinakg 617 1 0 19:37:32 ? 0:03 /usr/lib/gnome-netstatus-applet --oaf-activate-iid=OAFIID:GNOME_NetstatusApplet
sockname: AF_INET 0.0.0.0 port: 61644
moinakg 619 1 0 19:37:32 ? 0:03 /usr/lib/mixer_applet2 --oaf-activate-iid=OAFIID:GNOME_MixerApplet_Factory --oa
sockname: AF_INET 0.0.0.0 port: 53715
moinakg 621 1 0 19:37:32 ? 0:01 /usr/lib/clock-applet --oaf-activate-iid=OAFIID:GNOME_ClockApplet_Factory --oaf
sockname: AF_INET 0.0.0.0 port: 59572
moinakg 623 1 0 19:37:32 ? 0:00 /usr/lib/notification-area-applet --oaf-activate-iid=OAFIID:GNOME_NotificationA
...
All the GNOME applets are listening on open ports. I wonder what could
be the purpose.
But this appears to undermine the Secure By Default requirement of not
listening by default on the external interface.
Regards,
Moinak.
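
The port-to-process mapping described in the message above can be reproduced with a short script. This is an added example, not the poster's own script; the function names and the sample input are constructed, and it assumes the Solaris `netstat -an` and `pfiles` text layouts.

```shell
# Added example: join Solaris `netstat -an` listeners with `pfiles` output.
# Function names and sample data are constructed for illustration.

# Ports of wildcard listeners ("*.PORT ... LISTEN") from netstat text on stdin.
listen_ports() {
    awk '$NF == "LISTEN" && $1 ~ /^\*\.[0-9]+$/ { sub(/^\*\./, "", $1); print $1 }'
}

# map_listeners PORTS_FILE < pfiles text
# Prints "port pid command" for each socket bound to 0.0.0.0 on a listed port.
map_listeners() {
    awk -v ports="$1" '
        BEGIN { while ((getline p < ports) > 0) want[p] = 1 }
        # Process header, e.g. "575:<TAB>/usr/lib/gconfd-2 13" (fd lines are indented)
        /^[0-9]+:[ \t]/ { pid = $1; sub(/:$/, "", pid); cmd = $2; next }
        $1 == "sockname:" && $2 == "AF_INET" && $3 == "0.0.0.0" && ($5 in want) {
            print $5, pid, cmd
        }
    '
}

# Constructed sample input, not captured from a real system.
sample_netstat() {
    cat <<'EOF'
*.64093 *.* 0 0 49152 0 LISTEN
*.36067 *.* 0 0 49152 0 LISTEN
127.0.0.1.631 *.* 0 0 49152 0 LISTEN
EOF
}
sample_pfiles() {
    printf '575:\t/usr/lib/gconfd-2 13\n'
    printf '  13: S_IFSOCK mode:0666 dev:292,0 ino:1 uid:0 gid:0 size:0\n'
    printf '\tsockname: AF_INET 0.0.0.0  port: 64093\n'
    printf '600:\tgnome-panel --sm-client-id default1\n'
    printf '\tsockname: AF_INET 0.0.0.0  port: 36067\n'
    printf '\tsockname: AF_INET 0.0.0.0  port: 0\n'   # bound but unassigned, skipped
}

demo() {
    tmp=$(mktemp) || return 1
    sample_netstat | listen_ports > "$tmp"
    sample_pfiles | map_listeners "$tmp"
    rm -f "$tmp"
}
demo
```

On a live system, feed `listen_ports` the output of `netstat -an` and `map_listeners` the concatenated `pfiles` output of the processes under review.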