HPE Community
Operating System - HP-UX
1753768 Members
5768 Online
108799 Solutions
New Discussion юеВ

Re: locking and opening sockets

 
Kevin Bingham
Regular Advisor

тАО05-17-2006 03:02 AM

тАО05-17-2006 03:02 AM

locking and opening sockets

Hi,

I am a complete novice with respect to Unix network security and have some questions:

We sell our s/w to companies running HP or AIX servers, and I need to know how to advise other novice Sysadm's how to lock and/or open the sockets or software needs. e.g. one customer whose sysadm resigned just before they bought our s/w needs to know how to open the 7500 port up. I guess it's safe to assume a starting position of no 3rd party software, to mentioning major players in the firewall environments... a broad topic I know.

Any detailed answers will be gladly received (and rewarded).

Thanks in advance
Kevin
0 Kudos
Reply
3 REPLIES 3
A. Clay Stephenson
Acclaimed Contributor

тАО05-17-2006 03:12 AM

тАО05-17-2006 03:12 AM

Re: locking and opening sockets

First go hit your developer over the head because he didn't play by the rules.
He should have gone to this site and determined if port 7500 is not registered.

http://www.iana.org/assignments/port-numbers

But it any event there is no way to "lock" a port because it is first come, first served. The first process to begin listening on port 7500 wins.

What you really need to do is a "netstat -an | grep 7500" and if nothing is found then the port is not being used --- at the moment.

Ideally, you would find a port that is available according to IANA and also is not currently in use on your boxes (and if this is a serious project then register this port).

NOTE: entries in /etc/services do nothing to reserve a port; those entries simply do name to portnumber mapping.
If it ain't broke, I can fix that.
0 Kudos
Reply
Kevin Bingham
Regular Advisor

тАО05-17-2006 03:46 AM

тАО05-17-2006 03:46 AM

Re: locking and opening sockets

Thanks for the response Clay, I guess I should have put this info in the original post as well:

When running on Unix, our software uses a 3 tier architecture. Clients running on Windows, who need to know which socket to connect to on Unix, a 3rd party "communications manager" which is started as a daemon on Unix and takes a socket as an input parm, and this then calls our servers. Since the socket is passed as a Parm to the Comm's manager software, we can choose any socket we like, so it's probably best not to register it with IANA since the value is customer specific.

I still need to know how to advise my customers on how to "open/close" the chosen socket, perhaps involving a firewall layer. Like I said, I am a Networking Novice... just trying my best.
0 Kudos
Reply
rick jones
Honored Contributor

тАО05-17-2006 12:43 PM

тАО05-17-2006 12:43 PM

Re: locking and opening sockets

Kevin -

It may seem like splitting hairs, but clients do not connect to sockets on servers. Clients connect to _ports_ and IP addresses on servers. Sockets are merely an interface between the application and the transport. A socket will be associated with a transport endpoint, that transport endpoing can be bound to an IP address and/or port.

Firewalls, either hardware or software do not block or allow access to sockets, they block or allow access to IP addresses or ports. How one manipulates that will vary from firewall product to firewall product.

HP-UX uses ipfilter, and the docs for ipfilter are likely on http://docs.hp.com/

Others have already noted how port numbers are first come, first served. One can add an entry to /etc/services without having to regsiter with the IANA. Just keep in mind that /etc/services is nothing more than a convenience to associate a port number with a service name. It is in no way shape or form a "reservation" system for a port number on a system.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.