Author: snootalope, Location: IA _ USAPosted: Fri Feb 14, 2003 5:05 pm Post subject: Port 37 ---- morning guys..
looks like Apache 1.3.26 running on Linix with more ports open then needs to be.. I see that port 37 is open, which is a "time" port.. I've searched for exploits on it, no go.. I did read that it is a weakness though.. anyone know anything relavent about a port 37 weakness?
Author: myhatisred, Posted: Fri Feb 14, 2003 8:28 pm Post subject: ---- I honestly don't think that you could do much with a time port
Author: dissolutions, Posted: Fri Feb 14, 2003 8:39 pm Post subject: ---- Can't you just block the port with your firewall?
Author: snootalope, Location: IA _ USAPosted: Fri Feb 14, 2003 8:41 pm Post subject: ---- why yes i could... but I'm looking at someone elses's web server..
The inetd running the TCP time services, daytime (prot13) and time (port 37) will crash if you send excessive SYN packets. Once inetd crashes, all other services running through inetd will no longer work. The scanner attempts to exploit this vulnerability.
Caution! Exercised caution as the inet daemon may go down on a vulnerable host.
Risk: Medium
OS Vulnerable: Linux
Fix: Turn off the two services in TCP mode. Alternatively, switch to xinetd.
Either way, close this port.
Better yet, get a firewall in front of that webserver.