OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: DNS control port additions to /etc/services

From: Stuart Henderson (sthenopenbsd.org)
Date: Wed Jul 16 2014 - 05:07:24 CDT


On 2014/07/16 11:02, Craig R. Skinner wrote:
> On 2014-07-15 Tue 16:04 PM |, Theo de Raadt wrote:
> > >On Tue, Jul 15, 2014 at 12:22:37PM +0100, Craig R. Skinner wrote:
> > >>
> > >> Suggestion of add NSD, Unbound & BIND control ports to /etc/services:
> > >
> > >Makes sense to me. Anyone want to OK this?
> > >
> > >> Index: etc/services
> > >> ===================================================================
> > >> RCS file: /cvs/src/etc/services,v
> > >> retrieving revision 1.87
> > >> diff -u -p -r1.87 services
> > >> --- etc/services 12 Jul 2014 14:51:07 -0000 1.87
> > >> +++ etc/services 15 Jul 2014 11:17:31 -0000
> > >> -181,6 +181,8 kerberos-adm 749/tcp # Kerberos 5 kad
> > >> kerberos-adm 749/udp # Kerberos 5 kadmin
> > >> rsync 873/tcp # rsync server
> > >> cddb 888/tcp cddbp # Audio CD Database
> > >> +named-rndc 953/tcp # Domain Name System (DNS) BIND RNDC Service
> > >> +named-rndc 953/udp # Domain Name System (DNS) BIND RNDC Service
> > >> imaps 993/tcp # imap4 protocol over TLS/SSL
> > >> imaps 993/udp # imap4 protocol over TLS/SSL
> > >> pop3s 995/tcp spop3 # pop3 protocol over TLS/SSL
> >
> > That means two more reserved ports are taken out of the bucket.
> >
>
> Strip out the Kerberos stuff?????:

Not sure (Antoine would know better), but this may be needed for Kerberos in ports.

>
> $ fgrep -i Kerberos etc/services
> kerberos 88/udp kerberos-sec # Kerberos 5 UDP
> kerberos 88/tcp kerberos-sec # Kerberos 5 TCP
> kpasswd 464/tcp # Kerberos 5 password changing
> kpasswd 464/udp # Kerberos 5 password changing
> klogin 543/tcp # Kerberos authenticated rlogin
> kshell 544/tcp krcmd # Kerberos remote shell
> ekshell 545/tcp # Kerberos encrypted shell
> kerberos-adm 749/tcp # Kerberos 5 kadmin
> kerberos-adm 749/udp # Kerberos 5 kadmin
> kpop 1109/tcp # Pop with Kerberos
> eklogin 2105/tcp # Kerberos encrypted rlogin
> rkinit 2108/tcp # Kerberos remote kinit
> kx 2111/tcp # X over kerberos
> kip 2112/tcp # IP over kerberos
> iprop 2121/tcp # Kerberos incremental propagation
> krb524 4444/tcp # Kerberos 5->4
> krb524 4444/udp # Kerberos 5->4
> afs3-kaserver 7004/tcp # AFS kerberos authentication server
> afs3-kaserver 7004/udp # AFS kerberos authentication server
> kerberos-iv 750/udp kdc # Kerberos authentication--udp
> kerberos-iv 750/tcp kdc # Kerberos authentication--tcp
> kerberos_master 751/udp # Kerberos 4 kadmin
> kerberos_master 751/tcp # Kerberos 4 kadmin
> krb_prop 754/tcp hprop # Kerberos slave propagation
> krbupdate 760/tcp kreg # BSD Kerberos registration
>