Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
5060/tcp open on lo0 and ICMP Responses #769
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
xbtc-im
Oct 14, 2017
netstat -utapn | grep 5060
tcp 0 0 0.0.0.0:5060 0.0.0.0:* UNKNOWN 582/netmgrd
tcp6 0 0 :::5060 :::* UNKNOWN 582/netmgrd
udp 0 0 0.0.0.0:5060 0.0.0.0:* UNKNOWN 582/netmgrd
udp6 0 0 :::5060 :::* UNKNOWN 582/netmgrd
it looks like it's open on 0.0.0.0 and netmgrd is vendor/proprietary ... I guess it can be firewalled anyway. I think this works as intended, it might have something to do with VoLTE stuff.
xbtc-im
commented
Oct 14, 2017
•
edited
Edited 1 time
-
xbtc-im
edited Oct 14, 2017
edited
-
Oct 14, 2017
|
netstat -utapn | grep 5060 it looks like it's open on 0.0.0.0 and netmgrd is vendor/proprietary ... I guess it can be firewalled anyway. I think this works as intended, it might have something to do with VoLTE stuff. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment
thestinger
Oct 14, 2017
Contributor
This is working as intended.
but maybe for privacy's sake disabling ICMP responses would be an idea.
How would it improve privacy? It just makes the device more easily identifiable as CopperheadOS. Either way, it's visible on networks when it's connected.
|
This is working as intended.
How would it improve privacy? It just makes the device more easily identifiable as CopperheadOS. Either way, it's visible on networks when it's connected. |
securesearch commentedOct 14, 2017
Noticed that 5060/tcp is open on localhost to third party applications. No doubt this is linked to qualcomm processes and phone services. Tried to find out which process was listening on 5060 with netstat over adb but netstat simply listed the listening process as UNKNOWN. Unsure whether the listening process is exploitable, but seems unnecessary.
If this is something that you do look at, I would not suggest completely removing access to localhost for third party applications without a toggle, since quite a few applications rely on localhost to communicate with helper applications that communicate with custom USB peripherals, etc.
I also note that CopperheadOS devices respond to ICMP probes on wlan0. Of course, responding to these is only a minor issue, and can sometimes be a matter of personal preference, but maybe for privacy's sake disabling ICMP responses would be an idea.