[svlug] Port 1480, pacerfourm.

Chris Waters xtifr at dsp.net
Wed May 31 11:35:40 PDT 2000

Bill Schoolcraft <bill at wiliweld.com> writes:

> At Fri, 26 May 2000 it looks like Chris Waters composed:

> CW-> Well, I just checked, and gnome-session is definitely not hardwired to
> CW-> 1480.  On my laptop, for example, it's using 1025/tcp.  I suspect that
> CW-> it chooses a free port at random, or something.

> Hmmm, so excuse my "chicken-n-egg" thinking, but _if_ a service does
> randomly choose 1480, the portscan only checks for life, references
> who's the last registered owner of that port and  not who's
> actually breathing behind the port ?

The portscan, which is on the outside looking in, can't tell what
process actually owns a port.  My understanding (and this could be
wrong) is that a typical portscan simply looks up the port number in
/etc/services to see if it can find a matching name.  So, if I
decided, for whatever dumb reason, to set up my httpd to use port 25,
then a portscan would probably report that I have smtp running.

Skimming my /etc/services file, I see the following comment before the
listing of ports above 1024:

# From ``Assigned Numbers'':
#> The Registered Ports are not controlled by the IANA and on most systems
#> can be used by ordinary user processes or programs executed by ordinary
#> users.
#> Ports are used in the TCP [45,106] to name the ends of logical
#> connections which carry long term conversations.  For the purpose of
#> providing services to unknown callers, a service contact port is
#> defined.  This list specifies the port used by the server process as its
#> contact port.  While the IANA can not control uses of these ports it
#> does register or list uses of these ports as a convienence to the
#> community.

I don't have port 1480 listed in my /etc/services at all, though, and
I'm not sure if that's significant, or simply a difference between
distributions.  But 1480 probably fits in this category of unofficial

Hmm, I also see some fairly interesting services listed.  How about:

rfe             5002/tcp                        # Radio Free Ethernet
mandelspawn     9359/udp        mandelbrot      # network mandelbrot

Chris Waters   xtifr at dsp.net | I have a truly elegant proof of the
      or    xtifr at debian.org | above, but it is too long to fit into
http://www.dsp.net/xtifr     | this .signature file.

More information about the svlug mailing list