Subject: Re: How to interpret the results of a portscan?
To: Jan Schenkel <jan.schenkel@pandora.be>
From: Bill Studenmund <wrstuden@netbsd.org>
List: port-mac68k
Date: 11/07/2002 09:04:00
On Wed, 6 Nov 2002, Jan Schenkel wrote:
> Hi all,
>
> The old MacIIci is still happily chugging along. Just wanting to make sure
> the firewall was as tight as it could be (inetd=NO ; then some ipfilter and
> ipnat rules), I steered my browser towards unixcircle.com and did a portscan
> on the netbsd box. Here's the result:
I think you don't need inetd=NO. By default NetBSD's inetd.conf ships with
everything turned off.
> 23/tcp filtered telnet
> 514/tcp open shell
Something weird is happening. telnet and shell (rsh) are supposed to be
started by inetd, which 1) shouldn't have them turned on unless you did
it, and 2) shouldn't be running if I understand you.
> 8080/tcp filtered http-proxy
> 8081/tcp filtered blackice-icecap
To figure out what's up with these two, try this:
    netstat -Aa -f inet | more
then look for the ones on 8080 and 8081. Here's some sample output (from
an x86, but this part's the same):
    Active Internet connections (including servers)
    PCB      Proto Recv-Q Send-Q  Local Address   Foreign Address  State
    c0a273bc tcp        0      0  *.ssh           *.*              LISTEN
    c0a27144 tcp        0      0  *.printer       *.*              LISTEN
    c0a04c5c tcp        0      0  *.nfs           *.*              LISTEN
So let's track down the process on the "printer" port (which is lpd).
To do that, use fstat and grep to look for the number in the PCB column
above. "fstat | grep c0a27144" gives:
    root lpd 203 7* internet stream tcp c0a27144 *:515
Looking at the first line of fstat output, the column labels are:
    USER CMD PID FD MOUNT INUM MODE SZ|DV R/W
So the "fstat | grep c0a27144" means root is running the "lpd" command in
process 203 that is listening on socket *:515. Oh, and it's fd 7 in that
process.
Take care,
Bill
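
The netstat-to-fstat lookup described in the message above, done for every listening socket at once. This is an added example, not part of the original message: the function names, the sshd line (pid 187) and the "no-owner-in-fstat" marker are constructed, and the column layout is assumed to match the output quoted above.

```shell
#!/bin/sh
# Join saved `netstat -Aa -f inet` and `fstat` output on the PCB address,
# so each listening TCP socket is listed with the process that holds it.
# Assumption: column layouts match the output quoted in the message.

map_listeners() {   # $1 = saved netstat output, $2 = saved fstat output
    awk '
        # fstat file: index internet socket lines by PCB address (field 8).
        FILENAME == ARGV[1] {
            if ($5 == "internet") {
                fd = $4; sub(/\*$/, "", fd)      # "7*" -> "7"
                owner[$8] = $1 " " $2 " pid=" $3 " fd=" fd
            }
            next
        }
        # netstat file: one report line per socket in LISTEN state.
        $NF == "LISTEN" {
            print $5, $1, (($1 in owner) ? owner[$1] : "no-owner-in-fstat")
        }
    ' "$2" "$1"
}

demo() {            # run map_listeners over constructed sample data
    dir=$(mktemp -d) || return 1
    # Constructed sample: the three netstat lines quoted in the message.
    cat > "$dir/netstat.txt" <<'EOF'
Active Internet connections (including servers)
PCB      Proto Recv-Q Send-Q  Local Address   Foreign Address  State
c0a273bc tcp        0      0  *.ssh           *.*              LISTEN
c0a27144 tcp        0      0  *.printer       *.*              LISTEN
c0a04c5c tcp        0      0  *.nfs           *.*              LISTEN
EOF
    # Constructed sample: the lpd line is the one quoted in the message,
    # the sshd line is made up, and nfs is left out on purpose to show
    # how a listener with no matching fstat entry is reported.
    cat > "$dir/fstat.txt" <<'EOF'
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
root     lpd          203    7* internet stream tcp c0a27144 *:515
root     sshd         187    4* internet stream tcp c0a273bc *:22
EOF
    map_listeners "$dir/netstat.txt" "$dir/fstat.txt"
    rm -rf "$dir"
}

demo
```

On a live box, save the output of the two commands to files and pass them to map_listeners. Any listener reported without an owner, or owned by a daemon you did not expect, is the one to chase.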