Active IQ Unified Manager Discussions
Hi,
IHAC that had a thorough review by security experts.
One of their findings was a list of ports being listened on with "*" source IP.
The ports are over TCP & UDP, and are dynamic - changing with every service restart.
The processes listening are "dfmmonitor" & "dfmeventd".
These ports are not documented.
I would like to know if it is possible to configure the application not to listen on these ports, or at least to open them on localhost only.
Thank you in advance,
Avishay Mano
There is no way to do this today.
Please raise a request for enhancement for the same.
Regards
adai
Avishay,
I am currently having the same problem at my customer with regard to use of dynamic UDP ports. We can't even identify which services are using the ports. In your case were "dfmmonitor" & "dfmeventd" listening on dynamic ports on the filer? Did you ever find an answer to how to secure the system from opening these dynamic ports?
Thank you in advance for any insight. We are running up against some regulation issues and need to solve this security problem.
Best Regards,
Joyce
Hi Joyce,
Looks like there is no way in the current product to make them listen on fixed ports. For a detailed list of ports used by DFM, please take a look at the FAQ link below.
https://library.netapp.com/ecmdocs/ECMM1278650/html/faq/index.shtml#_3.14
Regards
adai
Thanks for the response. I don't see any info on dynamic ports in use in the FAQ. Can you tell me if DFM requires any dynamic ports to be open on the FAS system itself?
Thanks,
Joyce
No, it doesn't - only the static ports listed in the document posted by Adai are used.
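
Added example, not part of the thread and not NetApp code: a way to record which processes hold wildcard-bound listeners, as in the audit finding in the opening post, and how their ports change across a service restart. It assumes the DFM server runs on Linux and that `ss -H -tulnp` output was captured as root; the sample lines, PIDs and port numbers are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `ss -H -tulnp` output; PIDs, ports and the
# non-DFM entries are invented for illustration.
SAMPLE_SS = """\
udp   UNCONN 0 0        0.0.0.0:41873    0.0.0.0:*  users:(("dfmeventd",pid=2211,fd=9))
udp   UNCONN 0 0        0.0.0.0:52310    0.0.0.0:*  users:(("dfmmonitor",pid=2198,fd=12))
tcp   LISTEN 0 128      0.0.0.0:38455    0.0.0.0:*  users:(("dfmmonitor",pid=2198,fd=14))
tcp   LISTEN 0 128         [::]:22          [::]:*  users:(("sshd",pid=901,fd=4))
tcp   LISTEN 0 128    127.0.0.1:3306     0.0.0.0:*  users:(("mysqld",pid=1500,fd=21))
tcp   LISTEN 0 128            *:8080           *:*  users:(("java",pid=1777,fd=55))
"""

WILDCARD = {"0.0.0.0", "*", "[::]", "::"}      # "all interfaces" spellings used by ss
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')  # owner entries in the users:(...) column

def wildcard_listeners(ss_output):
    """Return {process: sorted [(proto, port), ...]} for sockets bound to all interfaces."""
    found = defaultdict(set)
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        # Drop any %interface suffix; skip loopback/specific binds and header rows.
        if addr.split("%")[0] not in WILDCARD or not port.isdigit():
            continue
        # Without root, ss omits the owner column; record those as "unknown".
        owners = PROC_RE.findall(line) or [("unknown", "0")]
        for name, _pid in owners:
            found[name].add((proto, int(port)))
    return {name: sorted(socks) for name, socks in found.items()}

def diff_runs(before, after, process):
    """Ports a process opened or closed between two snapshots (e.g. across a restart)."""
    b, a = set(before.get(process, [])), set(after.get(process, []))
    return {"opened": sorted(a - b), "closed": sorted(b - a)}
```

Running `wildcard_listeners` on snapshots taken before and after a service restart and passing both to `diff_runs` gives the auditor a per-process record of the dynamic ports, which can also back host-firewall rules that restrict who may reach them.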