tcpmux ????

tcpmux ????

Post by Jerom » Tue, 04 May 1999 04:00:00



Hi there,

I've juste been scanned for a port assigned to "tcpmux", whatever that is,
and ports 1 through 6... Firewall blocked it, but I find it rather strange.
Someone knows what these ports are used for ?

Thank you.

Jerome (reply to :

 
 
 

tcpmux ????

Post by Barry Margoli » Tue, 04 May 1999 04:00:00



>Hi there,

>I've juste been scanned for a port assigned to "tcpmux", whatever that is,
>and ports 1 through 6... Firewall blocked it, but I find it rather strange.
>Someone knows what these ports are used for ?

TCPMUX was intended to be an alternative to assigning port numbers to
servers.  Instead, they would have names, clients would connect to the
TCPMUX port (port 1), supply the name, and then it would connect them to
the server.  This is similar to the idea behind the portmapper, except that
it uses strings instead of long program names, and it connects the client
directly rather than just passing back a port number.

TCPMUX never received wide use, but some versions of inetd include built-in
support for it.

--

GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

tcpmux ????

Post by Jerom » Tue, 04 May 1999 04:00:00


Quote:>TCPMUX was intended to be an alternative to assigning port numbers to
>servers.  <snip> This is similar to the idea behind the portmapper, except
that
>it uses strings instead of long program names, and it connects the client
>directly rather than just passing back a port number.

>TCPMUX never received wide use, but some versions of inetd include built-in
>support for it.

Thank you. It was certainly a mis-configured process... I doubt anybody
would want to take advantage of an exploit based on a so un-widely used
scheme... bad guys are better off with portmap !

Thanks again !

Jerome.

 
 
 

tcpmux ????

Post by Alan J Rosenth » Tue, 04 May 1999 04:00:00



>I've juste been scanned for a port assigned to "tcpmux", whatever that is,
>and ports 1 through 6...

Tcpmux *is* port 1.  Since few inetds do tcpmux but irix inetd does, this has
been widely used as a way to scan for irix machines, which typically have a
large number of well-known passwordless accounts (said passwordless accounts
having been defended by SGI in a Dilbertesque security alert as "fostering
collaboration").  (There's a CERT advisory about this if you're interested.)
 
 
 

tcpmux ????

Post by Jerom » Wed, 05 May 1999 04:00:00


Quote:>Tcpmux *is* port 1.

Ooops... reading logs at 1 pm isn't a good thing to do ;)

Quote:>Since few inetds do tcpmux but irix inetd does, this has been widely used

as a way to scan for irix >machines
Oh, I see... and since Irix is far from being the most secure among the
Un*x...

Quote:>"fostering collaboration"

Reminds me of something about "bugs" and "features" ;)

Thank you for your comments.

Jerome.


 
 
 

tcpmux ????

Post by Bernd Eckenfel » Wed, 05 May 1999 04:00:00



> Thank you. It was certainly a mis-configured process... I doubt anybody
> would want to take advantage of an exploit based on a so un-widely used
> scheme... bad guys are better off with portmap !

Well, the advantage is, that if you get tcpmux to do a connect to a local
service you can circumvent tcp-wrapper or even port filters. Therefore the
test for it is cheap (doing it automatically, in case of an hit, you have a
lot of exploits to use)

Greetings
Bernd

 
 
 

tcpmux ????

Post by Mike O'Conno » Tue, 20 Jul 1999 04:00:00




:>I've juste been scanned for a port assigned to "tcpmux", whatever that is,
:>and ports 1 through 6...
:
:Tcpmux *is* port 1.  Since few inetds do tcpmux but irix inetd does, this has
:been widely used as a way to scan for irix machines, which typically have a
:large number of well-known passwordless accounts (said passwordless accounts
:having been defended by SGI in a Dilbertesque security alert as "fostering
:collaboration").  (There's a CERT advisory about this if you're interested.)

More directly, scanning for tcpmux has caused some SGI's inetd to die.  

--

 InterNIC WHOIS: MJO | (has my PGP & Geek Code info) | Phone: +1 248-848-4481

 
 
 

1. tcpmux available on HP-UX?

Hi

I am porting an application that uses tcpmux from Irix to HP-UX 10.20.

Is tcpmux available on HP-UX?  If not, what is involved in porting it?

More generally - how widely implemented is tcpmux?  Does anybody know if
it is on other unices, and if so, which ones?

I am also interested in the pro, cons and alternatives to tcpmux.  All I
have really found so far is RFC 1078.

Thanks for any help.

William
--

William Hayman                       Phone +64-9-3730400 ext 418

Peace Software International

2. SRM and ARC

3. TCPMUX/HTTP (FreeBSD)

4. Newbie: problem with charset

5. tcpmux daemon/server???

6. multimonitor

7. Apache & TCPMUX

8. Looking for relay tool (UDP).

9. TCPMUX?

10. IRIX tcpmux Port Scanning and Root Compromises

11. TCPMUX and Apache