Re: [sleuthkit-users] autopsy opens socket with INADDR_ANY

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello,

> due to the missing SSL support I use autopsy only on the localhost.
>
> I notived that even in this case port 9999 is opened on every
interface.
>
> I wrote a small patch for autopsy 2.08 to fix this behavior if no
remote address is specified.

My personal preference is in line with Dr. Waldeck's.  It would be
nice if the default was to listen only on localhost.

> --- autopsy     2007-01-23 16:07:09.000000000 +0100
> +++ autopsy_patched     2007-01-23 16:06:21.000000000 +0100
> @@ -334,8 +334,15 @@
>  setsockopt(Server, SOL_SOCKET, SO_KEEPALIVE, 1)
>    or die "Error setting network socket options (keep alive): $!";
>
> -bind(Server, sockaddr_in($port, INADDR_ANY))
> -  or die "Error binding to port $port (is Autopsy already running?): $!";
> +if ($rema eq "localhost") {
> +  my $ip = '127.0.0.1';
> +  my $binary = inet_aton($ip);
> +  bind(Server, sockaddr_in($port, $binary))

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
However, I think you might want to check the return value of this bind()
call, just in case the localhost port is already taken.

> +}
> +else {
> +  bind(Server, sockaddr_in($port, INADDR_ANY))
> +    or die "Error binding to port $port (is Autopsy already running?): $!";
> +}

tim