FreeBSD Kernel Critical Update: arc4random predictable sequence vulnerability

Posted in Categories FreeBSD, Security, Security Alert; last updated November 25, 2008

FreeBSD today released a kernel patch to plug the “arc4random predictable sequence vulnerability” security hole in the 6.x and 7.x stable releases of its operating system. When the arc4random random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random, and it may take up to 5 minutes before arc4random is reseeded with secure entropy from the Yarrow random number generator. All security-related kernel subsystems that rely on a quality random number generator are subject to a wide range of possible attacks. This update has been rated as having important security impact.

FreeBSD List / Display Open Ports With sockstat Command

Posted in Categories FreeBSD, Hardware, Howto, Monitoring, Networking; last updated February 8, 2008

You can use the traditional netstat / lsof commands to list open Internet or UNIX domain sockets on FreeBSD. FreeBSD also comes with a simple and easy to use command called sockstat.

The -4 option only displays IPv4 sockets.

The -6 option only displays IPv6 sockets.

The -c option only displays connected sockets.

The -l option only displays listening sockets (open ports).

For example, to display IPv4 related open ports, enter:
# sockstat -4 -l
Output:

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   653   3  tcp4   127.0.0.1:25          *:*
root     sshd       647   3  tcp4   10.20.110.2:22        *:*
root     ntpd       616   4  udp4   *:123                 *:*

Here is the equivalent using netstat:
$ netstat -nat | grep LISTEN
For more information, read the sockstat command man page:
$ man sockstat
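When auditing a host, the useful question about the listing above is which listeners are reachable from the network rather than bound to loopback. The following is an added example, not part of the original post: exposed_listeners and sample_output are hypothetical helper names, the sample is the output shown above, and only the IPv4 column layout of sockstat -4 -l is assumed.

```shell
#!/bin/sh
# Added example: flag listeners from `sockstat -4 -l` output that are not
# bound to loopback. exposed_listeners is a hypothetical helper name.

# Reads sockstat output on stdin and prints one line per exposed listener:
#   <scope> <command> <pid> <proto> <local address>
# scope is "wildcard" for *:port and "address" for a specific non-loopback IP.
exposed_listeners() {
    awk '
        $1 == "USER" { next }          # skip the header row
        NF < 7       { next }          # skip blank or truncated lines
        {
            local_addr = $6
            host = local_addr
            sub(/:[^:]*$/, "", host)   # strip ":port" to leave the bind address
            if (host ~ /^127\./) next  # loopback only, not reachable remotely
            scope = (host == "*") ? "wildcard" : "address"
            printf "%s %s %s %s %s\n", scope, $2, $3, $5, local_addr
        }
    '
}

# Sample input: the sockstat output shown in the post, embedded so the
# script runs offline.
sample_output() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   653   3  tcp4   127.0.0.1:25          *:*
root     sshd       647   3  tcp4   10.20.110.2:22        *:*
root     ntpd       616   4  udp4   *:123                 *:*
EOF
}

# On a FreeBSD host, replace sample_output with: sockstat -4 -l
sample_output | exposed_listeners
```

Comparing this list against the services the host is meant to offer shows which listeners should be rebound to loopback or filtered by the firewall.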