Re: a privat thing

Mon, 22 Jan 2001 04:14:24 -0800 

Kristofer Wolff wrote:
> 
> hi all perlers and admins,
> 
> i was wandering how my system works sometimes. Things happend, that let me
> suppose that someone is hacking me. so the first thing i was do is to check
> up all ports. I build up a routine in perl:
> 
> use Socket;
> 
> for($port=1;$port<=9999;$port++)
> {
>         if(open_TCP(F, "localhost", $port) == undef)
>         {
>                 print "... Verbindung zum Port $port fehlgeschlagen\r";
>         }
>         else
>         {
>                 print "PORT: $port offen
> \n";
>         }
> }
> 
> sub open_TCP
> {
>         my($FS, $dest, $port) = @_;
>         my $proto = getprotobyname('tcp');
>         socket($FS, PF_INET, SOCK_STREAM, $proto);
>         my $sin = sockaddr_in($port, inet_aton($dest));
>         connect($FS, $sin) || return undef;
>         my $old_fh = select($FS);
>         $| = 1;
>         select($old_fh);
>         1;
> }
> 
> now, the output shows on my system:
> 
> C:\>porttest.pl
> PORT: 7 offen
> PORT: 9 offen
> PORT: 13 offen
> PORT: 17 offen
> PORT: 19 offen
> PORT: 135 offen
> PORT: 1028 offen
> PORT: 1029 offen
> 
> I want to ask you, if you know what is on port 1028 and 1029 ??? I cant find
> enything about "well known ports" for 1028 and 1029... maybe this is the
> troyaner ?
> 
> by the way... is it possible to close open ports with perl ?

Have you tried 'netstat -a' ?

The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151
The Dynamic and/or Private Ports are those from 49152 through 65535

I believe that the OS can start using ports from 1024 up to n and non-priveleged 
users can use n up to 65K.  The value of n may vary by system (I thought UNIX 
used 5000 quite a bit).  So I believe your OS could use 1028/9 as dynamic 
ports, but I'm not sure.  A non-root user could normally never use ports that low.

-- 
  ,-/-  __      _  _         $Bill Luebkert   ICQ=14439852
 (_/   /  )    // //       DBE Collectibles   http://www.todbe.com/
  / ) /--<  o // //      Mailto:[EMAIL PROTECTED] http://dbecoll.webjump.com/
-/-' /___/_<_</_</_    http://www.freeyellow.com/members/dbecoll/
_______________________________________________
Perl-Win32-Web mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/perl-win32-web

Reply via email to