Help - Search - Members - Calendar
Full Version: Cacko qpe listens on ports 4992 and 4244
OESF Forums > General Forums > General Support and Discussion > Security and Networking
stupkid
Is there a way of disabling qpe from listening on 4992 and 4244? On my Cacko 1.21b ROM as root:

# netstat -nap --protocol=inet
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:4992 0.0.0.0:* LISTEN 242/qpe
tcp 0 0 0.0.0.0:4244 0.0.0.0:* LISTEN 242/qpe

Since I do not use this service to sync it would be nice to disable. If I can't disable I guess it could be secured with iptables/ipchains etc. Does QPE recognize hosts.allow? Any ideas?

Thanks!
stupkid
No ideas on turning this off at all? chirp...chirp...chirp (crickets). sad.gif
tumnus
This FAQ is for the old 5500 ROMs but the principle is the same:

http://www.zaurususergroup.com/FAQ+index-m...at-12.phtml#106

Qtopia isn't very good about sticking to Linux/POSIX standards like this.
KA6AH
I've searched the whole forum and google, but still cat't figure out: what port 4992 is used for? Maybe, it is useful for something prior to disable it?

Found one opinion about qpe sound server listening on that port (in IRC channel logs), but the source does not seem to be very competent..
lardman
There was a thread about this on the devnet iirc, is there a backup of that anywhere?


Si
KA6AH
I've found some info about what these ports are used for (here):

4242 - ftp server login: root passwword: NONE!

This allows anyone to access any file on any zaurus that is network connected. Files can be downloaded, uploaded, or deleted! This ftp server does not even look at the password file. The login name and blank password are hard coded into the ftp server!

4243 - behaves a little like rsync

This port is totaly unencrypted and the login/password combination used by the desktop sync software can be snooped with tcpdump with no problem. The login/password combination are hard coded and can not be changed!

4992 - probably also part of the desktop sync
Da_Blitz
i guess thats why we recomend firewalls on these thinggs wink.gif
speculatrix
just install iptables and then write a simply startup script called firewall... search the forums for "iptables" and you'll find lots of examples.
sdjf
QUOTE(stupkid @ Sep 20 2004, 12:08 PM)
Is there a way of disabling qpe from listening on 4992 and 4244?  On my Cacko 1.21b ROM as root:

# netstat -nap --protocol=inet
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:4992 0.0.0.0:* LISTEN 242/qpe
tcp 0 0 0.0.0.0:4244 0.0.0.0:* LISTEN 242/qpe

Since I do not use this service to sync it would be nice to disable.  If I can't disable I guess it could be secured with iptables/ipchains etc.  Does QPE recognize hosts.allow?  Any ideas?

Thanks!
*


I realize this is a very old thread, but here's another take on the situation. The sl5500 stock ROMs are continually respawning ttyS0, and if that is where the listening to the ports comes from, stopping the respawning (if you don't need it) should do the trick. I see no such ports when I run netstat, since I have ttyS0 disabled.

I give instructions for disabling ttyS0 at http://www.sdjf.esmartdesign.com/respawn.html

Oops! I didn't enter the arguments for netstat correctly, and see that my Z is listening on 22, 111, 4242, 4243, and 4992 when I am online, and on just 4242, 4243, and 4992 when offline. So there is no 4244, but other ports. And I don't know how to see what tty is associated with what. Hopefully the respawning idea will help, and sorry about messing up on the report about ports.

sdjf
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.