Possible internet vulnerability?
Forum: Other Help Topics
Topic: Possible internet vulnerability?
started by: buzzard
Posted by buzzard on June 04 2008,02:52The ShieldsUp scanner
< https://www.grc.com/x/ne.dll?bh0bkyd2 >
has detected that my computer (DSL 3) has port 68 open. (bootstrap protocol)
< https://www.grc.com/port_68.htm >
I've yet to have any trouble from this, but could future hackers get in through it?
(oh, and for those of you with windows, go to sheildsup and see what it finds)
Posted by Jason W on June 04 2008,03:00From what I understand port 68 must be left open to have a dynamic IP addres received through DHCP. And that it is quite normal.
Posted by roberts on June 04 2008,03:02Port 68 is from the pump -i eth0 used to fetch an IP.
If that is a concern to you then add
to your /opt/bootlocal.sh after obtaining your IP.
Port 68 will be closed.
Posted by buzzard on June 04 2008,03:22Wow, that was quick!
If DHCP get-address is all its for, that sounds safe enough.
I might go ahead and kill the pump anyway, though, since I use
an arcane dialup modem for internet, and set my lan address
with ifconfig eth0 192.168.x.x
Posted by curaga on June 04 2008,11:06You could also add "nodhcp" to boot codes to stop pump from starting at all.
Posted by lucky13 on June 04 2008,14:55As already described, it's not a vulnerability. One thing you can do to check on any port to see what's happening is:
netstat -anp | grep N
where N is the port number. So if N=68, you would get back a line that looks like this:
tcp 0 0 0.0.0.0:68 0.0.0.0:* LISTEN
(with portnumber and process after LISTEN if you're root)
...and you'll also get back any other network information with "68" in it (which could be a lot if you're connected to a LAN like you are - 192.168.x.x since grep will catch every line with 68).
Posted by meo on June 04 2008,17:28Hi buzzard!
If you would like to check the port the way mentioned in the previous post and haven't installed gnu-utils I think it should be like this:
netstat -an | grep 68
or whatever port you want to check. Otherwise you would just get a busybox error (if you haven't dropped the p).
Have fun everybody out there,