View currently open network connections
Authored by: PeterMoller on Jul 08, '11 12:22:55PM

Wow! Lots of opinions! :-)

>Having now looked at Peter Moller's site, and read over the source of his scripts, it's not *that* bad.
Well, thank you!


>Moller is a systems administrator at Lund University in Sweden. (I'll give the uni the benefit of the doubt & assume they don't have a criminal working as their sysadmin.)
I have been a sysadmin here for some 20 years now, and no, no criminal charges! :-) But I understand you guys; I probably would have been sceptical about this too. But look at the script, it's fairly simple and, I hope, well commented!

>The output from the script does include a lot of information that isn't really as simple as just displaying the output from stroke or lsof or netstat. In my day job, I have to help manage a bunch of Linux servers, and having a display something like this would be pretty useful to me.
I have it running on a bunch of servers at the dept. and on one machine, it immediately informed me that a whole bunch of clients still used its SMB service (which they shouldn't have).


One general comment first: the script *must* run as root or you will only see your own network connections. One aspect of this script is to help find installed spyware/malware (and this is not one); those rarely run as *you*! Only seeing one user's aspect of a UNIX computer is almost completely useless in a general view. So, root. Unfortunately. Sorry, guys.


>• You can't just run the thing and see the output in a Terminal window like a normal Unix script — you *must* run it through GeekTool.
Nope. If you read the instructions, you see that run as root, the script generates the data and run as any other user (i.e. your normal account) it displays the data. Try it yourself! GeekTool just displays what would have been viewed in a Terminal window. This is how I run it under Linux.


>• If you try to look at the source of the script while it's running, it will refuse to run, […]
Yes, I know. Then again, I didn't consider it important enough to fix. Since the geo lookup can take some time, I didn't want it to launch copy after copy after copy of the script. I write it in TextWrangler and that doesn't make any problem.


>• If you try to modify the script, it will refuse to run, because it does an SHA checksum on itself, compared to a version downloaded from the author's site. (Then again, you could just comment out the checksum & exit code.)
Nope, absolutely not. The checksum is *only* used to verify the “new” script when updating.


>• As another commenter noted, it's using a deprecated means to communicate with a Geo-IP lookup service that's of questionable utility anyway. […]
True. Two points, though:
1. I included it mostly because I found it to be intriguing
2. But having it and starting to look at the data, I realised that this kind of information is coming big time (through different means, though). If nothing else, the Ad industry is highly into this and both iOS and OS X now have location manager (see this URL for instance: http://developer.apple.com/library/ios/#documentation/CoreLocation/Reference/CLLocationManager_Class/CLLocationManager/CLLocationManager.html)


>• By checking in with the author's web server, the program is effectively spyware, as it's recording an unnecessary log of where you've been and what software you've been running, and regularly phoning home back to the author's site.
Nope. Absolutely *not*. No information of any kind is transmitted from the client of open_ports.sh to the web-server — or any other server of any kind that I have or am aware of. Naturally, the apache web-server logs your visit in the normal way but nothing whatsoever more than that. Read the script!
There is local logging that I included mostly to see how the computer's idea of where in the world I have been matches where I have actually been, but it is not needed or even used in any way (or communicated in any way to anyone).


>[…] And if it wanted to have an optional update function THAT YOU CAN CONTROL, then that would be acceptable too — most software comes with some kind of update notification framework these days, that's not controversial.[…]
Ok, I hear it loud and clear: people don't want auto update, so I will most probably turn it off in the next version and instead have the script perform the check (if there is a new version) and *inform* the user that there is a new version ready to be fetched.


>But the original point that I & others made still stands. Unless you personally know & trust Mr Moller, these scripts as designed & written should not be considered.
I guess I would have been wary as well. But now I'm me and find this quite useful at work, so I thought I should share it.



[ Reply to This | # ]
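
Added example, not part of the comment above and not taken from open_ports.sh: a small filter over `lsof -nP -iTCP` output that lists which remote hosts are connected to a given local service port (the SMB case mentioned in the comment) and which users own the sockets in the capture. The function names `clients_of_port` and `owners` are hypothetical, and the `SAMPLE` lines are constructed, not real output.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -iTCP` output (documentation addresses only).
SAMPLE='COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
smbd      400   root   29u  IPv4 0x1a30      0t0  TCP *:445 (LISTEN)
smbd      412   root   30u  IPv4 0x1a2b      0t0  TCP 192.0.2.10:445->192.0.2.57:49532 (ESTABLISHED)
smbd      413   root   30u  IPv4 0x1a2c      0t0  TCP 192.0.2.10:445->192.0.2.57:49540 (ESTABLISHED)
smbd      414   root   31u  IPv6 0x1a2d      0t0  TCP [2001:db8::10]:445->[2001:db8::57]:50112 (ESTABLISHED)
sshd      501   root    3u  IPv4 0x1a2e      0t0  TCP 192.0.2.10:22->192.0.2.99:51000 (ESTABLISHED)
Safari    777   peter  12u  IPv4 0x1a2f      0t0  TCP 192.0.2.10:52001->198.51.100.5:443 (ESTABLISHED)'

# clients_of_port PORT
# Reads lsof output on stdin and prints "COMMAND USER REMOTE_ADDR" once per
# distinct client with an established connection to local PORT.
# Assumes numeric ports (-P) and numeric addresses (-n).
clients_of_port() {
    awk -v port="$1" '
        $1 == "COMMAND" { next }                 # skip the header line
        $NF == "(ESTABLISHED)" {
            n = split($(NF - 1), ends, "->")     # NAME is local->remote
            if (n != 2) next
            lport = ends[1]; sub(/.*:/, "", lport)      # text after last ":"
            if (lport != port) next              # only sockets on our service port
            raddr = ends[2]; sub(/:[^:]*$/, "", raddr)  # drop the remote port
            print $1, $3, raddr
        }' | sort -u
}

# owners
# Prints the distinct socket owners in the capture. A single owner equal to
# your own login usually means lsof was not run as root and the view is partial.
owners() {
    awk '$1 != "COMMAND" { print $3 }' | sort -u
}

# Live use (needs root to see every user): 
#   sudo lsof -nP -iTCP -sTCP:ESTABLISHED | clients_of_port 445
printf '%s\n' "$SAMPLE" | clients_of_port 445
printf '%s\n' "$SAMPLE" | owners
```

Only the local side of each connection is matched, so outbound traffic from the machine to someone else's port 445 or 443 is not reported as a client of the local service.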