Subject: [s-x86] Solaris 8 x86 01/01 default services Date: Fri, 13 Apr 2001 23:24:53 -0000 From: yahoo@bejtlich.net To: solarisonintel@yahoogroups.com Hello, This is a FYI post, not a question. I just installed the "entire distribution" of Solaris 8 x86 01/01 on my Thinkpad a20p. I was curious what services were started by default, so I ran nmap against the box. First I fingerprinted it. nmap 2.53 didn't recognize the OS. However, while fingerprinting the box, Solaris responded by launching the Solaris Management Console server on port 898! It looks like a web server which allows remote management, as I was able to connect with netscape on the scanning host to port 898 on the Solaris box. Next I looked for all listening services from port 1 to 65535. The following TCP ports were open: 7/tcp open echo 9/tcp open discard 13/tcp open daytime 19/tcp open chargen 21/tcp open ftp 23/tcp open telnet 25/tcp open smtp 37/tcp open time 79/tcp open finger 111/tcp open sunrpc 512/tcp open exec 513/tcp open login 514/tcp open shell 515/tcp open printer 540/tcp open uucp 898/tcp open unknown 4045/tcp open lockd 5987/tcp open unknown 6112/tcp open dtspc 7100/tcp open font-service 32771/tcp open sometimes-rpc5 32772/tcp open sometimes-rpc7 32773/tcp open sometimes-rpc9 32774/tcp open sometimes-rpc11 32775/tcp open sometimes-rpc13 32778/tcp open sometimes-rpc19 32779/tcp open sometimes-rpc21 32793/tcp open unknown I then did a rpcinfo -p and got this: program vers proto port 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 32772 status 100024 1 tcp 32771 status 100133 1 udp 32772 100133 1 tcp 32771 100232 10 udp 32773 sadmind 100011 1 udp 32774 rquotad 100002 2 udp 32775 rusersd 100002 3 udp 32775 rusersd 100002 2 tcp 32772 rusersd 100002 3 tcp 32772 rusersd 100012 1 udp 32776 sprayd 100008 1 udp 32777 walld 100001 2 udp 32778 rstatd 100001 3 udp 32778 rstatd 100001 4 udp 32778 rstatd 100083 1 tcp 32773 100221 1 tcp 32774 100235 1 tcp 32775 100068 2 udp 32779 100068 3 udp 32779 100068 4 udp 32779 100068 5 udp 32779 100021 1 udp 4045 nlockmgr 100021 2 udp 4045 nlockmgr 100021 3 udp 4045 nlockmgr 100021 4 udp 4045 nlockmgr 100021 1 tcp 4045 nlockmgr 100021 2 tcp 4045 nlockmgr 100021 3 tcp 4045 nlockmgr 100021 4 tcp 4045 nlockmgr 300598 1 udp 32782 300598 1 tcp 32778 805306368 1 udp 32782 805306368 1 tcp 32778 100249 1 udp 32783 100249 1 tcp 32779 Finally, I scanned for listening UDP services, with these results: Port State Service 7/udp open echo 9/udp open discard 13/udp open daytime 19/udp open chargen 37/udp open time 42/udp open nameserver 111/udp open sunrpc 161/udp open snmp 512/udp open biff 514/udp open syslog 517/udp open talk 520/udp open route 4045/udp open lockd 4992/udp open unknown 6500/udp open unknown 32771/udp open sometimes-rpc6 32772/udp open sometimes-rpc8 32773/udp open sometimes-rpc10 32774/udp open sometimes-rpc12 32775/udp open sometimes-rpc14 32776/udp open sometimes-rpc16 32777/udp open sometimes-rpc18 32778/udp open sometimes-rpc20 32779/udp open sometimes-rpc22 32782/udp open unknown 32783/udp open unknown 32784/udp open unknown 32788/udp open unknown 32789/udp open unknown This is probably no great revelation to you all, but I hadn't seen this listed anywhere! Sincerely, Richard Bejtlich http://bejtlich.net