From dann@greycat.com  Thu Oct  5 13:24:30 2000
Return-Path: <dann@greycat.com>
Received: from vortex.greycat.com (vortex.greycat.com [207.173.133.4])
	by hub.freebsd.org (Postfix) with SMTP id E3FC837B502
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  5 Oct 2000 13:24:27 -0700 (PDT)
Received: (qmail 6589 invoked from network); 5 Oct 2000 20:24:22 -0000
Received: from bigphred.greycat.com (HELO greycat.com) (207.173.133.2)
  by vortex.greycat.com with SMTP; 5 Oct 2000 20:24:22 -0000
Received: (from dann@localhost)
	by greycat.com (8.9.3/8.9.3) id NAA76505;
	Thu, 5 Oct 2000 13:24:21 -0700 (PDT)
	(envelope-from dann)
Message-Id: <200010052024.NAA76505@greycat.com>
Date: Thu, 5 Oct 2000 13:24:21 -0700 (PDT)
From: Dann Lunsford <dann@greycat.com>
Reply-To: Dann Lunsford <dann@greycat.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: Add info on port usage to services
X-Send-Pr-Version: 3.2

>Number:         21775
>Category:       misc
>Synopsis:       Add info on port usage to services
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dougb
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 05 13:30:01 PDT 2000
>Closed-Date:    Sat Aug 11 13:43:19 PDT 2001
>Last-Modified:  Sat Aug 11 13:43:32 PDT 2001
>Originator:     Dann Lunsford
>Release:        FreeBSD 4.1-STABLE i386
>Organization:
Practically none
>Environment:

FreeBSD bigphred.greycat.com 4.1-STABLE FreeBSD 4.1-STABLE #0: Thu Jul 27 17:58:52 PDT 2000     root@bigphred.greycat.com:/u3/obj/usr/src/sys/PHRED  i386

>Description:

add usage info to /etc/services.  TCP port 98 is officially tacnews but is 
used by Red Hat Linux's linuxconf tool as well. I've seen a lot of port
scans for this, and thought it would be good to have this noted in
services.

>How-To-Repeat:

N/A

>Fix:
diff below:

--- /etc/services.old	Thu Oct  5 12:57:09 2000
+++ /etc/services	Thu Oct  5 13:08:10 2000
@@ -196,7 +196,7 @@
 dixie		 96/udp	   #DIXIE Protocol Specification
 swift-rvf	 97/tcp	   #Swift Remote Virtural File Protocol
 swift-rvf	 97/udp	   #Swift Remote Virtural File Protocol
-tacnews		 98/tcp	   #TAC News
+tacnews		 98/tcp	   #TAC News; Red Hat linuxconf
 tacnews		 98/udp	   #TAC News
 metagram	 99/tcp	   #Metagram Relay
 metagram	 99/udp	   #Metagram Relay

>Release-Note:
>Audit-Trail:

From: Chris Faulhaber <jedgar@fxp.org>
To: Dann Lunsford <dann@greycat.com>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: misc/21775: Add info on port usage to services
Date: Thu, 5 Oct 2000 16:44:52 -0400

 On Thu, Oct 05, 2000 at 01:24:21PM -0700, Dann Lunsford wrote:
 
 > >Description:
 > 
 > add usage info to /etc/services.  TCP port 98 is officially tacnews but is 
 > used by Red Hat Linux's linuxconf tool as well. I've seen a lot of port
 > scans for this, and thought it would be good to have this noted in
 > services.
 > 
 > -tacnews		 98/tcp	   #TAC News
 > +tacnews		 98/tcp	   #TAC News; Red Hat linuxconf
 
 Did IANA officially assign this port to RedHat?  And do we really want to
 start adding a bunch of cruft into /etc/services about systems using
 unassigned ports?
 
 -- 
 Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
 --------------------------------------------------------
 FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
 

From: Dann Lunsford <dann@greycat.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: Re: misc/21775: Add info on port usage to services
Date: Fri, 6 Oct 2000 12:45:06 -0700

 On Thu, Oct 05, 2000 at 04:44:52PM -0400, Chris Faulhaber wrote:
 > On Thu, Oct 05, 2000 at 01:24:21PM -0700, Dann Lunsford wrote:
 > 
 > > >Description:
 > > 
 > > add usage info to /etc/services.  TCP port 98 is officially tacnews but is 
 > > used by Red Hat Linux's linuxconf tool as well. I've seen a lot of port
 > > scans for this, and thought it would be good to have this noted in
 > > services.
 > > 
 > > -tacnews		 98/tcp	   #TAC News
 > > +tacnews		 98/tcp	   #TAC News; Red Hat linuxconf
 > 
 > Did IANA officially assign this port to RedHat?  And do we really want to
 > start adding a bunch of cruft into /etc/services about systems using
 > unassigned ports?
 
 I don't think IANA had anything to do with it, actually.  I just
 checked the IANA site, and can find no reference to Red Hat stuff in
 the port numbers list.  But there are notices in that list about
 unoffical port usages, and incorrect and unauthorized port grabs. 
 My motive in this PR was to get similar info into our services file, 
 at least for some of the more egregions cases.  In this particular 
 instance, I spent about an hour searching various places before I found 
 that RH had usurped the tacnews port for linuxconf, and that versions  
 of linuxconf were remotely exploitable, which explained the scans.  I 
 looked in /etc/services first, of course; if a note had been there, 
 that hour could have been spent elsewhere :-).
 
 I am mostly in sympathy with the "anti cruft" attitude, but is info
 that saves an admin some time or effort really cruft? In any case, 
 the final decision is yours as to what gets distributed with the 
 system; I can always add my own notes to my copy.  
 
 Thanks for the consideration.
 
 
 -- 
 Dann Lunsford       The only thing necessary for the triumph of evil
 dann@greycat.com    is that men of good will do nothing.  --  Cicero
 
State-Changed-From-To: open->analyzed 
State-Changed-By: dougb 
State-Changed-When: Sat Jul 28 13:04:02 PDT 2001 
State-Changed-Why:  

This seems reasonable. If ISI's site ever comes back on line, 
I'll commit this. 


Responsible-Changed-From-To: freebsd-bugs->dougb 
Responsible-Changed-By: dougb 
Responsible-Changed-When: Sat Jul 28 13:04:02 PDT 2001 
Responsible-Changed-Why:  

I'll handle it, and the MFC 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=21775 
State-Changed-From-To: analyzed->closed 
State-Changed-By: dougb 
State-Changed-When: Sat Aug 11 13:43:19 PDT 2001 
State-Changed-Why:  

This was actually MFC'ed 10 days ago, so my work here is done. :) 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=21775 
>Unformatted:
