listening ports

  I noticed that there are lots of LISTENing open ports up in the 2100's 
that are listed by lsof -i as belonging to GNOME apps. For instance:

gnome-ses 6769 foo    3u  IPv4 3950081       TCP *:2140 (LISTEN)
magicdev  6784 foo    6u  IPv4 3950168       TCP *:2141 (LISTEN)
gnome-nam 6800 foo    4u  IPv4 3950224       TCP *:2144 (LISTEN)
panel     6809 foo    6u  IPv4 3950431       TCP *:2149 (LISTEN)
gmc       6813 foo    6u  IPv4 3950466       TCP *:2151 (LISTEN)
quicklaun 6827 foo    5u  IPv4 3950758       TCP *:2152 (LISTEN)
gnomepage 6829 foo    5u  IPv4 3950786       TCP *:2153 (LISTEN)
asclock_a 6831 foo    5u  IPv4 3950806       TCP *:2154 (LISTEN)
gnomexmms 6833 foo    5u  IPv4 3950835       TCP *:2155 (LISTEN)
mixer_app 6835 foo    5u  IPv4 3950847       TCP *:2156 (LISTEN)
multiload 6837 foo    5u  IPv4 3950881       TCP *:2157 (LISTEN)

  Some of these are panel apps that I have added in customizing my desktop.
I assume that a lot of the open ports are CORBA overhead.?. I can telnet
to most of them and type garbage and will eventually get a "Connection closed"
message, but I'm wondering if I need to worry about this from a security 
standpoint. At least none of them are running as root and so any buffer overflows
and the like would appear to only affect a user account and not root.

  At least from a diving into the code perspective, I'm pretty ignorant as to
what is going on under the hood in GNOME so could someone who knows a little more
comment on why these apps are listening and what security concerns that might
present? Might it be a good idea to setup a GNOME-security list and test such

Nathan Valentine - 		AIM: NRVesKY
University of Kentucky Linux Users Group

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]