05-17-2006 03:02 AM
locking and opening sockets
Hi,
I am a complete novice with respect to Unix network security and have some questions:
We sell our s/w to companies running HP or AIX servers, and I need to know how to advise other novice Sysadms how to lock and/or open the sockets our software needs. e.g. one customer whose sysadm resigned just before they bought our s/w needs to know how to open the 7500 port up. I guess it's safe to assume a starting position of no 3rd party software, to mentioning major players in the firewall environments... a broad topic I know.
Any detailed answers will be gladly received (and rewarded).
Thanks in advance
Kevin
05-17-2006 03:12 AM
Re: locking and opening sockets
First go hit your developer over the head because he didn't play by the rules.
He should have gone to this site and determined if port 7500 is not registered.
http://www.iana.org/assignments/port-numbers
But in any event there is no way to "lock" a port because it is first come, first served. The first process to begin listening on port 7500 wins.
What you really need to do is a "netstat -an | grep 7500" and if nothing is found then the port is not being used --- at the moment.
Ideally, you would find a port that is available according to IANA and also is not currently in use on your boxes (and if this is a serious project then register this port).
NOTE: entries in /etc/services do nothing to reserve a port; those entries simply do name to port number mapping.
If it ain't broke, I can fix that.
05-17-2006 03:46 AM
Re: locking and opening sockets
Thanks for the response Clay, I guess I should have put this info in the original post as well:
When running on Unix, our software uses a 3 tier architecture. Clients running on Windows, who need to know which socket to connect to on Unix, a 3rd party "communications manager" which is started as a daemon on Unix and takes a socket as an input parm, and this then calls our servers. Since the socket is passed as a Parm to the Comm's manager software, we can choose any socket we like, so it's probably best not to register it with IANA since the value is customer specific.
I still need to know how to advise my customers on how to "open/close" the chosen socket, perhaps involving a firewall layer. Like I said, I am a Networking Novice... just trying my best.
05-17-2006 12:43 PM
Re: locking and opening sockets
Kevin -
It may seem like splitting hairs, but clients do not connect to sockets on servers. Clients connect to _ports_ and IP addresses on servers. Sockets are merely an interface between the application and the transport. A socket will be associated with a transport endpoint; that transport endpoint can be bound to an IP address and/or port.
Firewalls, either hardware or software, do not block or allow access to sockets, they block or allow access to IP addresses or ports. How one manipulates that will vary from firewall product to firewall product.
HP-UX uses ipfilter, and the docs for ipfilter are likely on http://docs.hp.com/
Others have already noted how port numbers are first come, first served. One can add an entry to /etc/services without having to register with the IANA. Just keep in mind that /etc/services is nothing more than a convenience to associate a port number with a service name. It is in no way, shape or form a "reservation" system for a port number on a system.
there is no rest for the wicked yet the virtuous have no pillows
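The "first come, first served" behaviour described in the replies above, shown as an added example that is not part of any post in this thread: the first socket bound to a port holds it, a second bind fails with EADDRINUSE, and the port is free again once the holder closes it. The function names `claim_port` and `port_in_use` are made up for this sketch, and it assumes a BSD-sockets system binding on all local addresses.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket to `port` on all local addresses (illustrative helper).
 * Returns the descriptor (>= 0) and, if bound_port is non-NULL, stores the
 * port actually bound (useful with port 0, "give me any free port").
 * Returns -errno on failure, e.g. -EADDRINUSE when another socket holds it. */
int claim_port(unsigned short port, unsigned short *bound_port)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        getsockname(fd, (struct sockaddr *)&addr, &len) < 0) {
        int err = errno;          /* save before close() can change it */
        close(fd);
        return -err;
    }
    if (bound_port)
        *bound_port = ntohs(addr.sin_port);
    return fd;
}

/* 1 = some socket holds the port, 0 = free right now, -1 = other error
 * (for instance EACCES on a privileged port). "Free" is only true at the
 * instant of the check; nothing stops another process taking it next. */
int port_in_use(unsigned short port)
{
    int fd = claim_port(port, NULL);
    if (fd >= 0) { close(fd); return 0; }
    return fd == -EADDRINUSE ? 1 : -1;
}

int main(void)
{
    unsigned short port = 7500;   /* the port discussed in the thread */
    int fd = claim_port(port, NULL);
    if (fd < 0) { printf("port %u: %s\n", (unsigned)port, strerror(-fd)); return 1; }
    printf("holding %u; in use now: %d\n", (unsigned)port, port_in_use(port));
    close(fd);
    return 0;
}
```

The same bind-and-check answers the question `netstat -an | grep 7500` answers, and carries the same caveat: the result describes the moment of the check, not a reservation.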