AIX IP security question
Post 302597281 by skeyeung on Thursday 9th of February 2012 11:01:47 PM

Recently the network auditor found a security hole at port 50000. Port 50000 is used by db2.
When I enter the command "netstat -Aan |grep 50000", it shows some established connections, and they are all db2 processes.

I have asked the application team and they answered that the port 50000 connection is needed only on the local machine. They want the local machine to be allowed access to this port, while blocking all connections that do not come from the local machine.

I tried to use IP security to block connections to port 50000, below are the filter rules:
1 *** Dynamic filter placement rule for IKE tunnels *** no
2 deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 eq 50000 both both no all packets 0 en0 0 none
3 permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 any 0 both both no all packets 0 all 0 none

After activating this IP filter, I tried using another machine to test the connection to this port with the command "telnet <IP> 50000". If IP security is functioning properly, I should not be able to connect to it, but the result showed that I can still connect to it.

I tried changing the port from 50000 to 21 and ran the telnet test again. This time it behaves properly: I cannot telnet from the remote machine to port 21, but I can telnet to localhost port 21. I expect to get the same result with port 50000.

Is there any error in my IP filter setting? Please help!!
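As an added illustration (not part of the thread), a small first-match evaluator for the rule table in the post: it assumes the '|'-separated one-line column layout of `lsfilt -v4 -O`, top-down first-match evaluation, and constructed sample packets. It shows which rule each connection would hit on paper; it cannot explain why the live filter behaved differently.

```python
import ipaddress
# Constructed sample: the post's three rules in the '|'-separated one-line
# layout of `lsfilt -v4 -O` (column order assumed from that listing).
SAMPLE_RULES = """\
1|*** Dynamic filter placement rule for IKE tunnels ***|no
2|deny|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|yes|all|any|0|eq|50000|both|both|no|all packets|0|en0|0|none
3|permit|0.0.0.0|0.0.0.0|0.0.0.0|0.0.0.0|yes|all|any|0|any|0|both|both|no|all packets|0|all|0|none
"""
# Port operators accepted by genfilt; "any" ignores the port value entirely.
OPS = {"eq": lambda a, b: a == b, "neq": lambda a, b: a != b, "lt": lambda a, b: a < b,
       "le": lambda a, b: a <= b, "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
       "any": lambda a, b: True}

def parse_rules(text):
    """Parse the static rules; the dynamic IKE placeholder has no match fields."""
    rules = []
    for line in text.splitlines():
        f = line.split("|")
        if len(f) < 20:
            continue
        rules.append({"id": int(f[0]), "action": f[1],
                      "src": ipaddress.ip_network(f"{f[2]}/{f[3]}", strict=False),
                      "dst": ipaddress.ip_network(f"{f[4]}/{f[5]}", strict=False),
                      "proto": f[7], "sop": f[8], "sport": int(f[9]), "dop": f[10],
                      "dport": int(f[11]), "dir": f[13], "iface": f[17]})
    return rules

def matches(r, p):
    """True when packet p (a dict) satisfies every match field of rule r."""
    return (ipaddress.ip_address(p["src"]) in r["src"]
            and ipaddress.ip_address(p["dst"]) in r["dst"]
            and r["proto"] in ("all", p["proto"])
            and OPS[r["sop"]](p["sport"], r["sport"])
            and OPS[r["dop"]](p["dport"], r["dport"])
            and r["dir"] in ("both", p["dir"])
            and r["iface"] in ("all", p["iface"]))

def decide(rules, p):
    """First match wins, top down; an unmatched packet is permitted (assumption)."""
    for r in rules:
        if matches(r, p):
            return r["action"], r["id"]
    return "permit", None

RULES = parse_rules(SAMPLE_RULES)
# Constructed packets (documentation addresses): remote db2 client on en0, local db2 client on lo0, remote to port 22.
REMOTE_DB2 = dict(src="192.0.2.10", dst="192.0.2.20", proto="tcp", sport=40000,
                  dport=50000, dir="inbound", iface="en0")
LOCAL_DB2 = dict(REMOTE_DB2, src="127.0.0.1", dst="127.0.0.1", iface="lo0")
REMOTE_SSH = dict(REMOTE_DB2, dport=22)
```

Calling decide() on the three packets shows the remote client caught by the en0 deny rule while the loopback client falls through to the permit-all rule, which is the behaviour the rule set is meant to produce.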