AIX IP security question
# 1  
Old 02-10-2012

Recently the network auditor found a security hole at port 50000. The port 50000 is used by db2.
When I enter the command "netstat -Aan |grep 50000", it shows some established connections, and they are all db2 processes.

I have asked the application team and they answered that the port 50000 connection is needed only on the local machine. They want the local machine to be allowed access to this port, while blocking all other connections not from the local machine.

I tried to use IP security to block connections to port 50000, below are the filter rules:
1 *** Dynamic filter placement rule for IKE tunnels *** no
2 deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 eq 50000 both both no all packets 0 en0 0 none
3 permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 any 0 both both no all packets 0 all 0 none

After activating this IP filter, I tried using another machine to test the connection to this port with the command: "telnet <IP> 50000". If IP security is functioning properly, I should not be able to connect to it, but the result showed that I can connect to it.

I tried changing the port from 50000 to 21 and ran the telnet test again. This time it behaves properly: I cannot telnet from the remote machine to port 21, but I can telnet to localhost port 21. I expect to have this result with port 50000.

Is there any error in my IP filter settings? Please help!!
# 2  
Old 02-10-2012
Another solution would be for them to change the interface they are running on from the interface with the IP (en2 in the example below) to instead run it on 127.0.0.1 (your loopback address). Of course they would have to change where they are connecting to, but it may work.
Code:
hostname:/:$ ifconfig -a
en2: flags=1e080863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
        inet 10.177.1.20 netmask 0xffff0000 broadcast 10.177.1.255
         tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1
lo0: flags=e08084b,c0<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
        inet6 ::1%1/0
         tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1
hostname:/:$

# 3  
Old 02-10-2012
If you consider the incoming packet, you need to focus on the destination port. You have to set the destination port equal to 50000, which you did. But why not set the direction to only "inbound"? What's the point of setting it to "both" when you are concentrating mainly on incoming packets? Also, consider changing the source IP and subnet mask to be more precise for your network. Can you test this and check if it works?
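
Added example, not part of any post in this thread: a small Python model of first-match filter evaluation over the two static rules listed in the first post, useful for checking which rule a given test packet would hit. The column layout used by `parse_rule`, the first-match semantics, the packet fields and the 192.0.2.x addresses are assumptions made for this illustration; in this model a packet to port 50000 hits the deny rule only when it arrives on en0 and otherwise falls through to the permit-all rule 3.

```python
from ipaddress import ip_address

# Rules 2 and 3 as listed in the first post (rule 1, the IKE placeholder, is skipped).
RULES = """\
2 deny 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 eq 50000 both both no all packets 0 en0 0 none
3 permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 yes all any 0 any 0 both both no all packets 0 all 0 none
"""

PORT_OPS = {
    "any": lambda p, v: True, "eq": lambda p, v: p == v, "neq": lambda p, v: p != v,
    "lt": lambda p, v: p < v, "le": lambda p, v: p <= v,
    "gt": lambda p, v: p > v, "ge": lambda p, v: p >= v,
}

def parse_rule(line):
    # Assumed column order: number, action, src addr, src mask, dst addr, dst mask,
    # source routing, protocol, src port op/value, dst port op/value, scope,
    # direction, logging, fragment control ("all packets"), tunnel, interface, ...
    f = line.split()
    return {"num": int(f[0]), "action": f[1], "src": (f[2], f[3]), "dst": (f[4], f[5]),
            "proto": f[7], "dport": (f[10], int(f[11])), "direction": f[13], "iface": f[18]}

def addr_match(ip, addr, mask):
    # An all-zero mask (as in both rules) matches every address.
    m = int(ip_address(mask))
    return int(ip_address(ip)) & m == int(ip_address(addr)) & m

def first_match(rules, pkt):
    # Assumption: rules are evaluated top to bottom and the first match decides.
    for r in rules:
        if (addr_match(pkt["src"], *r["src"]) and addr_match(pkt["dst"], *r["dst"])
                and r["proto"] in ("all", pkt["proto"])
                and PORT_OPS[r["dport"][0]](pkt["dport"], r["dport"][1])
                and r["direction"] in ("both", pkt["direction"])
                and r["iface"] in ("all", pkt["iface"])):
            return r["num"], r["action"]
    return None, "no match"

def packet(src, dst, iface, dport=50000, proto="tcp", direction="inbound"):
    # Constructed test packet; every value here is sample data, not from the thread.
    return {"src": src, "dst": dst, "iface": iface, "dport": dport,
            "proto": proto, "direction": direction}

PARSED = [parse_rule(line) for line in RULES.splitlines()]

if __name__ == "__main__":
    for name, pkt in {"remote via en0": packet("192.0.2.10", "192.0.2.20", "en0"),
                      "remote via en2": packet("192.0.2.10", "192.0.2.20", "en2"),
                      "local via lo0": packet("127.0.0.1", "127.0.0.1", "lo0")}.items():
        print(name, first_match(PARSED, pkt))
```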