#169606 tiger: spurious report on non-server open ports

Package: tiger
Source: tiger
Description: security auditing and intrusion detection tools for Linux
Submitter: Javier Fernández-Sanguino Peña
Date: 2005-07-18 03:09:44 UTC
Severity: wishlist

#169606#5
Date: 2002-11-18 10:41:43 UTC

Some applications (XFree86, bin...) open up UDP sockets when making
outbound communications. It is not clear if these sockets can be used to
communicate back to the application (it seems it's not possible to do so);
however, the way 'check_listeningprocs' determines open sockets/ports
makes (what looks like) some false positives constantly appear related to
UDP ports.

Like this:


From: Tiger automatic auditor at XXXXX
Date: 14 Nov 2002 17:00:09 -0000
Cc: recipient list not shown: ;
Subject: Tiger Auditing Report for XXXXX

# Checking listening processes
OLD: --WARN-- [lin003w] The process `XFree86' is listening on socket 1042 (UDP on every interface) is run by root.
#else /* TIGERCHANGES */
OLD: --WARN-- [lin003w] The process `XFree86' is listening on socket 1064 (UDP on every interface) is run by root.

If this is a false positive it should be plugged out of the script.

Javi
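
One way to separate the UDP sockets described in this report from real services, as an added example that is not Tiger's code and not part of the original message: it tags wildcard-bound UDP sockets whose port lies in the local (ephemeral) port range, which is where the kernel places sockets opened for outbound traffic. The function names, the sample `netstat -lnup` lines and the 1024-4999 range are constructed assumptions.

```shell
#!/bin/sh
# Added example (not Tiger's code). Reads `netstat -lnup`-style lines on stdin
# and prints "<port> <program> <verdict>" for every UDP socket.
# Usage: classify_udp_listeners LOW HIGH
# On Linux the real range is in /proc/sys/net/ipv4/ip_local_port_range.
classify_udp_listeners() {
    awk -v lo="$1" -v hi="$2" '
        $1 ~ /^udp/ {
            # Local address is field 4; the port follows the last ":",
            # which also handles IPv6 forms such as ":::1042".
            n = split($4, addr, ":")
            port = addr[n] + 0
            # UDP rows have an empty State column, so PID/Program is last.
            split($NF, owner, "/")
            prog = owner[2]
            # A port in the ephemeral range was most likely assigned by the
            # kernel for outbound traffic; anything else is a chosen port.
            verdict = (port >= lo && port <= hi) ? "ephemeral" : "service"
            print port, prog, verdict
        }'
}

# Constructed sample input modelled on the ports quoted in the report.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      301/sshd
udp        0      0 0.0.0.0:1042            0.0.0.0:*                           412/XFree86
udp        0      0 0.0.0.0:1064            0.0.0.0:*                           412/XFree86
udp        0      0 0.0.0.0:53              0.0.0.0:*                           230/named
udp        0      0 0.0.0.0:111             0.0.0.0:*                           101/portmap
EOF
}

# Assumed ephemeral range for the sample: 1024-4999.
sample_netstat | classify_udp_listeners 1024 4999
```

An "ephemeral" verdict is a reason to lower the priority of a finding, not to hide it, since a process can also bind deliberately to a port inside that range.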