
Re: port usage

 
Elena Leontieva
Esteemed Contributor

port usage

Hi,

My application/DBA reports that a dispatcher process drops occasionally. I started a monitoring script that logs who is using this port every minute:
lsof -i @hostname:port#

All the established connections are valid users of the application.

Is there a way I can figure/prove that our security team runs a port scan?

Any other ideas on what could be done to find out what causes the dispatcher service to drop?

Thanks,
Elena.
Jeff Schussele
Honored Contributor

Re: port usage

Hi Elena,

Well you could cron a netstat command every minute, but the chances you'll catch a port scan in progress are small because the time the scan would be accessing the port is probably for less than a full minute.

I think your best bet is some sort of DB connection logging that would capture source IP.

I would think that there would have to be some management approval for these port scans - or at least there *should* be because they can be inherently dangerous, so I'd engage your management to check on these as well & if it's determined that they are indeed scanning your DB system request they stop scanning the DB connection ports.

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Bill Hassell
Honored Contributor

Re: port usage

You might want to use a tool like Ethereal on a fairly speedy PC and trace all activity to/from the IP address. Be prepared for very large log files and a lot of information to look through, but if the DBA can pinpoint the exact time (within a second or two) you should be able to see something.


Bill Hassell, sysadmin
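
Added example, not part of the original posts: one way to sift a packet trace like the one suggested above, listing sources that sent bare SYNs to many ports on the server in a short window and sources that opened the dispatcher port within a couple of seconds of a reported drop. It assumes the trace was saved as `tcpdump -nn -tt` text lines; the addresses, port 1521, timestamps and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# tcpdump -nn -tt text line for IPv4 TCP, e.g.
# 1100000000.100000 IP 10.0.0.5.40001 > 10.0.0.20.1521: Flags [S], seq 1, length 0
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

def syns(lines, server_ip):
    """Yield (time, source_ip, dest_port) for each bare SYN sent to server_ip."""
    for line in lines:
        m = LINE.match(line.strip())
        if m and m["dst"] == server_ip and m["flags"] == "S":
            yield float(m["ts"]), m["src"], int(m["dport"])

def scan_suspects(lines, server_ip, min_ports=5, window=10.0):
    """Sources that SYNed >= min_ports distinct ports within `window` seconds."""
    per_src = defaultdict(list)
    for ts, src, dport in syns(lines, server_ip):
        per_src[src].append((ts, dport))
    suspects = {}
    for src, hits in per_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1          # slide the window forward in time
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                suspects[src] = sorted(ports)  # ports seen when threshold was hit
                break
    return suspects

def syns_near(lines, server_ip, port, drop_time, slack=2.0):
    """Sources that sent a SYN to `port` within `slack` seconds of drop_time."""
    return sorted({src for ts, src, dport in syns(lines, server_ip)
                   if dport == port and abs(ts - drop_time) <= slack})

# Constructed sample: 10.0.0.5 is a normal client, 10.0.0.99 sweeps six ports.
SAMPLE = [
    "1100000000.100000 IP 10.0.0.5.40001 > 10.0.0.20.1521: Flags [S], seq 1, win 5840, length 0",
    "1100000000.100200 IP 10.0.0.20.1521 > 10.0.0.5.40001: Flags [S.], seq 9, ack 2, win 5792, length 0",
    "1100000000.100400 IP 10.0.0.5.40001 > 10.0.0.20.1521: Flags [.], ack 10, win 5840, length 0",
] + [f"1100000060.0{i}0000 IP 10.0.0.99.5000{i} > 10.0.0.20.{p}: Flags [S], seq 1, win 1024, length 0"
     for i, p in enumerate((21, 22, 23, 25, 1521, 8080))]

if __name__ == "__main__":
    print(scan_suspects(SAMPLE, "10.0.0.20"))
    print(syns_near(SAMPLE, "10.0.0.20", 1521, drop_time=1100000061.0))
```

This only counts connection attempts that begin with a SYN, and the trace has to be taken on the server or on a link that sees all of its traffic.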