Possible internet vulnerability?


Forum: Other Help Topics
Topic: Possible internet vulnerability?
started by: buzzard

Posted by buzzard on June 04 2008,02:52
The ShieldsUp scanner
< https://www.grc.com/x/ne.dll?bh0bkyd2 >

has detected that my computer (DSL 3) has port 68 open. (bootstrap protocol)

< https://www.grc.com/port_68.htm >

I've yet to have any trouble from this, but could future hackers get in through it?

(oh, and for those of you with windows, go to sheildsup and see what it finds)

Posted by Jason W on June 04 2008,03:00
From what I understand port 68 must be left open to have a dynamic IP addres received through DHCP.  And that it is quite normal.
Posted by roberts on June 04 2008,03:02
Port 68 is from the pump -i eth0 used to fetch an IP.

If that is a concern to you then add

pkill pump

to your /opt/bootlocal.sh after obtaining your IP.
Port 68 will be closed.

Posted by buzzard on June 04 2008,03:22
Wow, that was quick!

Quote (Jason W @ June 04 2008,03:00)
From what I understand port 68 must be left open to have a dynamic IP addres received through DHCP.  And that it is quite normal.


If DHCP get-address is all its for, that sounds safe enough.

Quote (roberts @ June 04 2008,03:02)
Port 68 is from the pump -i eth0 used to fetch an IP.
If that is a concern to you then add
pkill pump
to your /opt/bootlocal.sh after obtaining your IP.
Port 68 will be closed.


I might go ahead and kill the pump anyway, though, since I use
an arcane dialup modem for internet, and set my lan address
with ifconfig eth0 192.168.x.x

Thanx  :)

Posted by curaga on June 04 2008,11:06
You could also add "nodhcp" to boot codes to stop pump from starting at all.
Posted by lucky13 on June 04 2008,14:55
As already described, it's not a vulnerability. One thing you can do to check on any port to see what's happening is:
netstat -anp | grep N
where N is the port number. So if N=68, you would get back a line that looks like this:
tcp 0 0 0.0.0.0:68 0.0.0.0:* LISTEN
(with portnumber and process after LISTEN if you're root)

...and you'll also get back any other network information with "68" in it (which could be a lot if you're connected to a LAN like you are - 192.168.x.x since grep will catch every line with 68).

edited

Posted by meo on June 04 2008,17:28
Hi buzzard!

If you would like to check the port the way mentioned in the previous post and haven't installed gnu-utils I think it should be like this:

netstat -an | grep 68

or whatever port you want to check. Otherwise you would just get a busybox error (if you haven't dropped the p).

Have fun everybody out there,
meo

Powered by Ikonboard 3.1.2a
Ikonboard © 2001 Jarvis Entertainment Group, Inc.