From: Steve Simon
Subject: Re: [9front] aux/listen changes
Date: Tue, 18 Apr 2017 23:39:57 +0100
To: 9front@9front.org
References: <20170418201206.GA40883@wopr>

> On 18 Apr 2017, at 21:23, Stanley Lieber <sl@stanleylieber.com> wrote:
>
> On Apr 18, 2017, at 4:12 PM, Kurt H Maier <khm@sciops.net> wrote:
>
>> As it stands, on an unconfigured 9front:
>>
>> 7/tcp   open  echo
>> 9/tcp   open  discard
>> 19/tcp  open  chargen
>> 21/tcp  open  ftp
>> 23/tcp  open  telnet
>> 25/tcp  open  smtp
>> 53/tcp  open  domain
>> 110/tcp open  pop3
>> 113/tcp open  ident
>> 143/tcp open  imap
>> 513/tcp open  login
>> 993/tcp open  imaps
>> 995/tcp open  pop3s
>>
>> this is super grody.
>
> This, too, is still a problem:
>
> http://bugs.9front.org/open/too_many_listeners_with_broken_configurations_are_started_in_rcbinservice/
>
> sl

Ah, I am still on the labs distro (sorry) - they used to prefix all the scripts in /rc/bin/service (and /rc/bin/service.auth) with a hash to make it invalid and thus disable that listener. To enable the service, the administrator then has to rename the entries they want to enable.

Perhaps that is different on 9front.

I agree that listen can get over-excited starting server processes - I used to run many services facing the sewer, sorry, internet, and script kiddies could bring listen down by hammering it. I have a distant memory that Erik changed his listen to restrict the number of children (perhaps per service) that it would start.

-Steve
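
The rename-to-disable scheme described in the message above can be checked by auditing a service directory against an allowlist of ports. This is an added example, not part of the original message or of 9front's code; it assumes listen only starts scripts named exactly `<proto><port>` (such as `tcp23`), and the `audit` function, the allowlist and the sample directory are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: a listener is active when its file name is exactly <proto><port>,
# e.g. tcp23; any other name (such as one with a '#' prefix) is not started.
ACTIVE = re.compile(r"^(tcp|il)(\d+)$")
DISABLED = re.compile(r"^[^a-z]+(tcp|il)(\d+)$")


def audit(service_dir, allowed_ports):
    """Classify each directory entry as allowed, unexpected, disabled or other."""
    report = {"allowed": [], "unexpected": [], "disabled": [], "other": []}
    for name in sorted(os.listdir(service_dir)):
        active = ACTIVE.match(name)
        if active:
            port = int(active.group(2))
            key = "allowed" if port in allowed_ports else "unexpected"
            report[key].append(name)
        elif DISABLED.match(name):
            # Renamed script: still present, but its name no longer matches.
            report["disabled"].append(name)
        else:
            report["other"].append(name)
    return report


def demo():
    # Constructed sample directory; the port numbers come from the scan quoted above.
    names = ["tcp7", "tcp9", "tcp19", "tcp23", "tcp25", "tcp53",
             "#tcp513", "#tcp110", "README"]
    with tempfile.TemporaryDirectory() as d:
        for n in names:
            open(os.path.join(d, n), "w").close()
        # Hypothetical policy: only smtp and dns should be listening.
        return audit(d, allowed_ports={25, 53})


if __name__ == "__main__":
    for status, entries in demo().items():
        print(f"{status:10} {' '.join(entries) or '-'}")
```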