[CALUG] open ports

Joel J. tcepsa at gmail.com
Thu Sep 15 13:01:03 EDT 2011


I'll admit I am not a networking expert, but it sounds like you have the
right idea.

The driver handles all communication with the network card. I don't know
whether the driver actually knows about which ports are open or not.
Regardless, yes, to get from the network to the telnet process the packets
must be handled by the driver.

However, I am also pretty sure that the driver handles all incoming traffic
on all ports, even ones that are closed, because it doesn't know what port a
packet is trying to get to without checking it first. After it figures out
the port, though, it may just discard packets that are trying to go to ports
that are closed. (I could be wrong and the discard is handled by something
else later on). Also, if you are running a firewall, all packets are
filtered through it before being allowed to continue on.

For your final POV, it depends on the telnet server implementation (and how
it is shut down). If it is terminated gracefully and closes the port, then
yes, unless another process reopens that port it will remain inaccessible
and should be impervious to attacks against that port. However, if it
crashes or for some other reason terminates without closing the port, then
the port will remain open until the OS cleans it up or another process
closes it. That's not usually a big deal either, though, because the
process is dead.  Even if malicious packets are coming in, it's only really
a problem if a vulnerable process is receiving them.  So mostly an unclosed
socket is about as much of a problem as an unclosed file.  In fact, I
believe that ports (or sockets, to be precise) are handled like files, so I
don't think two processes can share a port unless one is a fork of the
other. That is probably not relevant for telnet, but might be applicable for
other applications.

Hopefully that helps, and please correct me if I am mistaken about anything
important.

Cheers,
Joel

On Sep 15, 2011 12:17 PM, "Walt Smith" <waltechmail at yahoo.com> wrote:
>
> I enjoyed a great deal the openVPN session.
>
> I was wondering what was meant by the term "open ports"?
> I don't recall if an "Ethernet" driver actually listens
> ( is the sole accessor to directly listen to.. )
> to all the ports. Contrast to some "service" that does.
> For example, port 23 would be a telnet server listening to
> that port. i.e., does the telnet server get its packets from
> the ethernet driver ?
>
> re-stated,
> Is the telnet server the only software that directly accesses
> the "port" itself ? Seems to me in the OSI that the ethernet driver
> is what resides and sucks out the packets.
>
> So, does "open port" mean the ethernet driver is actually listening ?
> ( is the only true connection/listener ).
> Other than the listing of "ports" in the "services" file,
> is that the config file that "permits"/"enables" the
> port ? Is there a specific block to specific ports ?
>
> Another POV, does stopping the telnet server mean port 23
> is no longer "connected/used/accessible" ? hence "safe"
> from intrusion attempts ( other than a hole in the OS ) ?
>
> thx,
> Walt......
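Added example, not part of the original thread: a Python sketch of the socket behaviour discussed above, showing a port as open only while some process holds a listening socket on it, a second unrelated bind being rejected, a forked child keeping the port open after the parent closes its copy, and the port closing once the last holder exits. Assumptions: a Unix-like system (os.fork), loopback only, a kernel-chosen port; the names probe, second_bind and demo are made up for this example.

```python
import errno
import os
import socket

HOST = "127.0.0.1"  # assumption: loopback only, so nothing is exposed

def probe(port):
    """'open' if a TCP connect succeeds, 'closed' if the kernel refuses it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        c.settimeout(2)
        err = c.connect_ex((HOST, port))
    if err == 0:
        return "open"
    return "closed" if err == errno.ECONNREFUSED else errno.errorcode.get(err, str(err))

def second_bind(port):
    """Bind the same port from an unrelated socket; return the errno name, or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((HOST, port))
            return None
        except OSError as e:
            return errno.errorcode[e.errno]

def demo():
    results = {}
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((HOST, 0))            # port 0: the kernel picks a free port
    listener.listen(5)
    port = listener.getsockname()[1]
    results["listening"] = probe(port)              # a process listens: open
    results["second_bind"] = second_bind(port)      # unrelated socket: bind fails
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                        # child inherits the listening descriptor
        os.close(w)
        os.read(r, 1)                   # hold the socket until the parent signals
        os._exit(0)
    os.close(r)
    listener.close()                    # parent closes its copy only
    results["parent_closed"] = probe(port)          # child still holds it: open
    os.close(w)                         # EOF on the pipe lets the child exit
    os.waitpid(pid, 0)                  # kernel closes the dead child's descriptors
    results["child_exited"] = probe(port)           # no listener left: closed
    return results

if __name__ == "__main__":
    for step, state in demo().items():
        print(f"{step:14} {state}")
```

The same states can be checked on a real host by listing listening sockets (for example with ss -ltnp) before and after stopping a service.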