OESF Portables Forum
Everything Else => General Support and Discussion => Zaurus General Forums => Archived Forums => Security and Networking => Topic started by: stupkid on September 20, 2004, 04:08:21 pm
-
Is there a way of disabling qpe from listening on 4992 and 4244? On my Cacko 1.21b ROM as root:
# netstat -nap --protocol=inet
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:4992 0.0.0.0:* LISTEN 242/qpe
tcp 0 0 0.0.0.0:4244 0.0.0.0:* LISTEN 242/qpe
Since I do not use this service to sync it would be nice to disable. If I can't disable I guess it could be secured with iptables/ipchains etc. Does QPE recognize hosts.allow? Any ideas?
Thanks!
-
No ideas on turning this off at all? chirp...chirp...chirp (crickets).
-
This FAQ is for the old 5500 ROMs but the principle is the same:
http://www.zaurususergroup.com/FAQ+index-m...at-12.phtml#106 (http://www.zaurususergroup.com/FAQ+index-myfaq-yes-id_cat-12.phtml#106)
Qtopia isn't very good about sticking to Linux/POSIX standards like this.
-
I've searched the whole forum and Google, but still can't figure out: what is port 4992 used for? Maybe it is useful for something, prior to disabling it?
Found one opinion about qpe sound server listening on that port (in IRC channel logs), but the source does not seem to be very competent..
-
There was a thread about this on the devnet iirc, is there a backup of that anywhere?
Si
-
I've found some info about what these ports are used for (here (http://zaurus.wynn.com/problems/)):
4242 - ftp server login: root password: NONE!
This allows anyone to access any file on any zaurus that is network connected. Files can be downloaded, uploaded, or deleted! This ftp server does not even look at the password file. The login name and blank password are hard coded into the ftp server!
4243 - behaves a little like rsync
This port is totally unencrypted and the login/password combination used by the desktop sync software can be snooped with tcpdump with no problem. The login/password combination are hard coded and can not be changed!
4992 - probably also part of the desktop sync
-
I guess that's why we recommend firewalls on these things
-
Just install iptables and then write a simple startup script called firewall... search the forums for "iptables" and you'll find lots of examples.
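A sketch of the kind of firewall script suggested above, as an added example that is not part of the original posts: it reads `netstat -nap --protocol=inet` output, finds the TCP ports qpe is listening on, and prints iptables rules that allow loopback and drop everything else to those ports. The function names are hypothetical, the sshd line in the sample is constructed, and the rules are only printed so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: derive firewall rules from `netstat -nap --protocol=inet` output.
# Rules are printed, not applied; review them, then pipe the output to sh as root.

# Print the TCP ports on which the named program (default: qpe) is listening
# on a non-loopback address. Reads netstat output on stdin.
listening_ports() {
    prog="${1:-qpe}"
    awk -v prog="$prog" '
        $1 == "tcp" && $6 == "LISTEN" {
            # $4 is Local Address (addr:port); $7 is PID/Program name
            n = split($4, a, ":"); port = a[n]
            split($7, p, "/")
            if (p[2] == prog && $4 !~ /^127\./ && port ~ /^[0-9]+$/) print port
        }' | sort -n | uniq
}

# Turn a port list on stdin into iptables commands: allow loopback first,
# then drop inbound TCP to each listed port on every other interface.
emit_rules() {
    echo "iptables -A INPUT -i lo -j ACCEPT"
    while read -r port; do
        if [ -n "$port" ]; then
            echo "iptables -A INPUT -p tcp --dport $port -j DROP"
        fi
    done
}

# Sample input: the netstat lines quoted in the first post, plus one
# constructed sshd line to show that other programs are left alone.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:4992 0.0.0.0:* LISTEN 242/qpe
tcp 0 0 0.0.0.0:4244 0.0.0.0:* LISTEN 242/qpe
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 198/sshd'

firewall_preview() {
    printf '%s\n' "$SAMPLE" | listening_ports qpe | emit_rules
}

firewall_preview
```

On a device, replace the sample with the live output, for example `netstat -nap --protocol=inet | listening_ports qpe | emit_rules`.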
-
I realize this is a very old thread, but here's another take on the situation. The sl5500 stock ROMs are continually respawning ttyS0, and if that is where the listening to the ports comes from, stopping the respawning (if you don't need it) should do the trick. I see no such ports when I run netstat, since I have ttyS0 disabled.
I give instructions for disabling ttyS0 at http://www.sdjf.esmartdesign.com/respawn.html
Oops! I didn't enter the arguments for netstat correctly, and see that my Z is listening on 22, 111, 4242, 4243, and 4992 when I am online, and on just 4242, 4243, and 4992 when offline. So there is no 4244, but other ports. And I don't know how to see what tty is associated with what. Hopefully the respawning idea will help, and sorry about messing up on the report about ports.
sdjf