Raw sockets and system compromise

This is a discussion on Raw sockets and system compromise within the Linux Security forums, part of the System Security and Security Related category; I've been trying to secure my Slackware Linux 8.0 system by disabling unneeded services and closing open ports. ...


Go Back   Usenet Forums > System Security and Security Related > Linux Security

Reload this Page Raw sockets and system compromise

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 05-05-2004
Gary Petersen
 
Posts: n/a
Default Raw sockets and system compromise
I've been trying to secure my Slackware Linux 8.0 system
by disabling unneeded services and closing open ports.
I've already enabled ipchains for linux 2.2.19, but
I still want to close down most of the ports.

I'm able to close down all listening ports except for
these (wrapping fixed by me):

# netstat -lp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
raw 0 0 *:icmp *:* 7
-
raw 0 0 *:tcp *:* 7
-

Notice that the program name is not given even with -p.

What are these "raw" ports used for?

Could this be a sign of system compromise?

Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On




All times are GMT +1. The time now is 02:49 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0