HPE Community
Operating System - HP-UX
1820477 Members
2915 Online
109624 Solutions
New Discussion юеВ

port 446 vulnerability

 
SOLVED
Go to solution
T G Manikandan
Honored Contributor

тАО03-10-2003 09:12 PM

тАО03-10-2003 09:12 PM

port 446 vulnerability

We need to open port 446 for the db2 access.
Are there any vulnerabilities?

THanks
0 Kudos
Reply
3 REPLIES 3
Michael Tully
Honored Contributor

тАО03-10-2003 09:24 PM

тАО03-10-2003 09:24 PM

Solution

Re: port 446 vulnerability

As far as I'm aware there isn't any for port 446.

I checked http://www.cert.org

Cheers
Michael
Anyone for a Mutiny ?
Reply
Bill Hassell
Honored Contributor

тАО03-11-2003 04:43 AM

тАО03-11-2003 04:43 AM

Re: port 446 vulnerability

The port itself (like any other port) isn't the issue, it's the daemon or program that uses the port. As long as the code monitoring the port performs reliable authentication and sanity checks on the incoming requests and data, it should be fine. The SQLslammer was an example of an exploit for a database port, fixed with a patch to the monitoring program.


Bill Hassell, sysadmin
Reply
Yogeeraj_1
Honored Contributor

тАО03-11-2003 05:12 AM

тАО03-11-2003 05:12 AM

Re: port 446 vulnerability

hi,

"All data is fraudulent.
All communications are attempted hacks.
All clients are thieves.
Technology is only my first line of defense"
- morning litany for a Web Server Administrator


Also, Bill Hassel said it right:
"The port itself (like any other port) isn't the issue, it's the daemon or program that uses the port."

I recently went through a white paper (attached) which clearly explains the "SQL Injection". Go through it and you can then assess the vulnerability of your port 446.

I would also recommend reading of I recommend reading
eXtropia.com???s ???Introduction to Databases for Web Developers??? at
http://www.extropia.com/tutorials/sql/toc.html.

hth
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.