View currently open network connections
Authored by: babbage on Jul 07, '11 07:49:22PM

ADDENDUM:

Having now looked at Peter Moller's site, and read over the source of his scripts, it's not *that* bad.

Moller is a systems administrator at Lund University in Sweden. (I'll give the uni the benefit of the doubt & assume they don't have a criminal working as their sysadmin.) The output from the script does include a lot of information that isn't really as simple as just displaying the output from stroke or lsof or netstat. In my day job, I have to help manage a bunch of Linux servers, and having a display something like this would be pretty useful to me.

But the scripts make some serious, serious mistakes.

• You can't just run the thing and see the output in a Terminal window like a normal Unix script — you *must* run it through GeekTool.

• If you try to look at the source of the script while it's running, it will refuse to run, because the `vi open_ports.sh` command will show up among your running processes, and it halts when it sees this. (It's possible this is a bug rather than intentional obfuscation — obviously you can get around it by linking the file to another name and just working with the other version in the text editor.)

• If you try to modify the script, it will refuse to run, because it does an SHA checksum on itself, compared to a version downloaded from the author's site. (Then again, you could just comment out the checksum & exit code.)

• As another commenter noted, it's using a deprecated means to communicate with a Geo-IP lookup service that's of questionable utility anyway. Unless you're using this script to maintain a log of your travels, chances are you don't need this in the first place.

• By checking in with the author's web server, the program is effectively spyware, as it's recording an unnecessary log of where you've been and what software you've been running, and regularly phoning home back to the author's site. The current version does not appear to send personal information back, but given that the script has an auto-update mechanism built in, there is no guarantee about what future versions may do with this info.

Basically, if there were a version of this script that just ran like a normal Unix command and looked up this info and displayed it like this, that would be pretty handy. And if it wanted to have an optional update function THAT YOU CAN CONTROL, then that would be acceptable too — most software comes with some kind of update notification framework these days, that's not controversial. And if you could turn off the logging &/or the location lookups, even better.

But the original point that I & others made still stands. Unless you personally know & trust Mr Moller, these scripts as designed & written should not be considered. A version that fixed some of these problems, sure, that could be handy, but it would be almost as easy to just write it from scratch as it would to wait for an alternate version of this that wasn't so frightening.

---
--
DO NOT LEAVE IT IS NOT REAL



[ Reply to This | # ]
View currently open network connections
Authored by: PeterMoller on Jul 08, '11 12:22:55PM

Wow! Lots of opinions! :-)

>Having now looked at Peter Moller's site, and read over the source of his scripts, it's not *that* bad.
Well, thank you!


>Moller is a systems administrator at Lund University in Sweden. (I'll give the uni the benefit of the doubt & assume they don't have a criminal working as their sysadmin.)
I have been a sysadmin here for some 20 years now, and no, no criminal charges! :-) But I understand you guys; I probably would have been sceptical about this too. But look at the script, it's fairly simple and, I hope, well commented!

>The output from the script does include a lot of information that isn't really as simple as just displaying the output from stroke or lsof or netstat. In my day job, I have to help manage a bunch of Linux servers, and having a display something like this would be pretty useful to me.
I have it running on a bunch of servers at the dept. and on one machine, it immediately informed me that a whole bunch of clients still used its SMB service (which they shouldn't have).


One general comment first: the script *must* run as root or you will only see your own network connections. One aspect of this script is to help find installed spyware/malware (and this is not one); those rarely run as *you*! Only seeing one user's aspect of a UNIX computer is almost completely useless in a general view. So, root. Unfortunately. Sorry, guys.


>• You can't just run the thing and see the output in a Terminal window like a normal Unix script — you *must* run it through GeekTool.
Nope. If you read the instructions, you see that run as root, the script generates the data and run as any other user (i.e. your normal account) it displays the data. Try it yourself! GeekTool just displays what would have been viewed in a Terminal window. This is how I run it under Linux.


>• If you try to look at the source of the script while it's running, it will refuse to run, […]
Yes, I know. Then again, I didn't consider it important enough to fix. Since the geo lookup can take some time, I didn't want it to launch copy after copy after copy of the script. I write it in TextWrangler and that doesn't make any problem.


>• If you try to modify the script, it will refuse to run, because it does an SHA checksum on itself, compared to a version downloaded from the author's site. (Then again, you could just comment out the checksum & exit code.)
Nope, absolutely not. The checksum is *only* used to verify the “new” script when updating.


>• As another commenter noted, it's using a deprecated means to communicate with a Geo-IP lookup service that's of questionable utility anyway. […]
True. Two points, though:
1. I included it mostly because I found it to be intriguing.
2. But having it and starting to look at the data, I realised that this kind of information is coming big time (through different means, though). If nothing else, the Ad industry is highly into this and both iOS and OS X now have location manager (see this URL for instance: http://developer.apple.com/library/ios/#documentation/CoreLocation/Reference/CLLocationManager_Class/CLLocationManager/CLLocationManager.html)


>• By checking in with the author's web server, the program is effectively spyware, as it's recording an unnecessary log of where you've been and what software you've been running, and regularly phoning home back to the author's site.
Nope. Absolutely *not*. No information of any kind is transmitted from the client of open_ports.sh to the web-server — or any other server of any kind that I have or am aware of. Naturally, the apache web-server logs your visit in the normal way but nothing whatsoever more than that. Read the script!
There is a local logging that I included mostly to see how the computer's idea of where in the world I have been matches where I have actually been, but it is not needed or even used in any way (or communicated in any way to anyone).


>[…] And if it wanted to have an optional update function THAT YOU CAN CONTROL, then that would be acceptable too — most software comes with some kind of update notification framework these days, that's not controversial.[…]
Ok, I hear it loud and clear: people don't want auto update, so I will most probably turn it off in the next version and instead have the script perform the check (if there is a new version) and *inform* the user that there is a new version ready to be fetched.


>But the original point that I & others made still stands. Unless you personally know & trust Mr Moller, these scripts as designed & written should not be considered.
I guess I would have been wary as well. But now I'm me and find this quite useful at work, so I thought I should share it.



[ Reply to This | # ]
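
The notify-only update check discussed in the thread above, sketched as an added example; it is not code from open_ports.sh or from anyone in this thread. It assumes SHA-256 as the digest and that the published digest has already been fetched into a local file; the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: notify-only update check. Nothing is downloaded or replaced.
# Assumptions: SHA-256 digest; the published digest is already in a local
# file fetched by the caller; all names here are hypothetical.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# update_status <installed_script> <published_digest_file>
# Prints: current | update-available | invalid-digest (exit status 2).
update_status() {
    installed=$1
    published_file=$2
    # Take the first token of the first line, so "digest  filename" also works.
    published=$(awk 'NR==1 {print tolower($1)}' "$published_file" 2>/dev/null)
    # Accept only 64 hex characters; an HTML error page must not pass as a digest.
    case $published in
        ''|*[!0-9a-f]*) echo invalid-digest; return 2 ;;
    esac
    [ "${#published}" -eq 64 ] || { echo invalid-digest; return 2; }
    if [ "$(sha256_of "$installed")" = "$published" ]; then
        echo current
    else
        # Only report; fetching and installing stays a decision for the user.
        echo update-available
    fi
}

# Constructed demo: an installed script and the digest of a newer release.
demo=$(mktemp -d)
printf '#!/bin/sh\necho v1\n' > "$demo/open_ports.sh"
printf '#!/bin/sh\necho v2\n' > "$demo/new_release.sh"
sha256_of "$demo/new_release.sh" > "$demo/published.sha"
echo "status: $(update_status "$demo/open_ports.sh" "$demo/published.sha")"
rm -rf "$demo"
```

A digest published on the same server as the script only detects a corrupted or truncated download; it does not show that the new version came from the author, which would need a signature checked against a key obtained separately.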