Operating System - OpenVMS

Re: Unnecessary Ports Opened on OpenVMS System.

 
Mahmoud_1
Frequent Advisor

Unnecessary Ports Opened on OpenVMS System.

Dear All,
I did a port scan of my network and I found many ports opened on UNIX machines and OpenVMS systems.
How can I close or disable a certain port in the OpenVMS TCPIP protocol?
And is there any SW like a firewall for OpenVMS that can be installed under an OpenVMS system?
Note: I don't ask about common ports or known ports like FTP, TELNET, ...
Thanks
4 REPLIES
Duncan Morris
Honored Contributor

Re: Unnecessary Ports Opened on OpenVMS System.

Hi Mahmoud,

execute the following:-

tcpip> show device

to see what ports are in use on the system, then you get a display like this.

TCPIP> show dev

                         Port             Remote
Device_socket  Type      Local  Remote  Service      Host

bg19           DGRAM       520       0               *
bg39           DGRAM       111       0  PORTMAPPER   *
bg40           STREAM      111       0  PORTMAPPER   *
bg42           STREAM       21       0  FTP          *
bg46           STREAM      515       0  LPD          *
bg83           DGRAM        10       0  MOUNT        *
bg93           STREAM       10       0  MOUNT        *
bg99           DGRAM      5151       0  PCNFS        *
bg100          STREAM     5151       0  PCNFS        *
bg112          STREAM      102       0               *
bg115          STREAM      399       0               *
bg119          STREAM      512       0  REXEC        *
bg121          STREAM      514       0  RSH          *
bg123          STREAM       22       0  SSH          *
bg125          STREAM       23       0  TELNET       *
bg155          STREAM     6000       0               *
bg4803         STREAM    49180    6000               10.1.1.1

This will show you which ports have anything listening on them.

If you are unsure of any entry, then look at the BG device from DCL

> SHOW DEV/FU BGxxx

$ sh dev bg115/fu

Device BG115:, device type unknown, is online, mounted, record-oriented device,
network device, mailbox device.

Error count                 0                  Operations completed   4
Owner process               "TCPIP$PWIP_ACP"   Owner UIC              [SYS,SYSTEM]
Owner process ID            000000A3           Dev Prot               S:RWPL,O:RWPL,G:RWPL,W:RWPL
Reference count             1                  Default buffer size    256
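
Added example, not part of the original post: a short Python audit of the display described above. It lists listening BG sockets that are not on an expected-ports list and prints the SHOW DEVICE/FULL command to run for each. The sample rows are constructed in the shape of the output quoted in the post, and the allowlist, function names and the rule "remote port 0 with host * means listening" are assumptions.

```python
import re

# Constructed sample rows in the shape of the TCPIP SHOW DEVICE display quoted above.
SAMPLE = """\
bg39 DGRAM 111 0 PORTMAPPER *
bg42 STREAM 21 0 FTP *
bg112 STREAM 102 0 *
bg115 STREAM 399 0 *
bg123 STREAM 22 0 SSH *
bg155 STREAM 6000 0 *
bg4803 STREAM 49180 6000 10.1.1.1
"""

# device, type, local port, remote port, optional service name, remote host
ROW = re.compile(
    r"^\s*(bg\d+)\s+(STREAM|DGRAM)\s+(\d+)\s+(\d+)\s+(?:(\S+)\s+)?(\S+)\s*$", re.I)

def parse_show_device(text):
    """Yield one dict per BG device row; header and blank lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dev, typ, local, remote, service, host = m.groups()
            yield {"device": dev.upper(), "type": typ.upper(), "local": int(local),
                   "remote": int(remote), "service": service, "host": host}

def audit_listeners(text, expected):
    """Return listening sockets whose (type, port) is not in the expected set."""
    findings = []
    for row in parse_show_device(text):
        # Assumption: a listener shows remote port 0 and host "*".
        listening = row["remote"] == 0 and row["host"] == "*"
        if not listening or (row["type"], row["local"]) in expected:
            continue
        row["note"] = ("no service name" if row["service"] is None
                       else "service not expected")
        # Follow-up from the post: inspect the BG device to find the owner process.
        row["next_step"] = f"SHOW DEVICE/FULL {row['device']}:"
        findings.append(row)
    return findings

if __name__ == "__main__":
    EXPECTED = {("STREAM", 22), ("STREAM", 21)}  # hypothetical allowlist for this host
    for f in audit_listeners(SAMPLE, EXPECTED):
        print(f"{f['type']:6} {f['local']:>5}  {f['service'] or '-':12} "
              f"{f['note']:22} $ {f['next_step']}")
```
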


Ian Miller.
Honored Contributor

Re: Unnecessary Ports Opened on OpenVMS System.

IIRC there is no firewall-like software that can be installed on VMS.

You can disable unrequired services with SYS$MANAGER:TCPIP$CONFIG.COM

Which port numbers did your scan find?
____________________
Purely Personal Opinion
Petr Spisek
Regular Advisor

Re: Unnecessary Ports Opened on OpenVMS System.

Hi,
I don't know of any sw firewall commonly integrated into VMS. http://h71000.www7.hp.com/wizard/wiz_5186.html Commonly some external firewall is used to disallow ports.

@sys$manager:tcpip$config is easy for enable/disable and start/stop of services. Next useful commands are:
tcpip sho services
tcpip netstat -na (don't ask nameserver)
tcpip set [no]service

Petr
Willem Grooters
Honored Contributor

Re: Unnecessary Ports Opened on OpenVMS System.

The best firewall you can have - on any system - is to disable ports you don't use. That is: do not enable a service on that port (either explicitly defined, or implied by starting a program like the webserver). AFAIK, ports that have no program serving them will be closed down - by default. Any traffic to that port will fail since it won't react.
To find out what ports are actually activated: use $ TCPIP SHO DEV and for those you want to investigate deeper: $ TCPIP SHO DEV/FULL and $ TCPIP SHO PORT/FULL.
No doubt SDA can give you clues as well as to what service-program to stop.
Willem Grooters
OpenVMS Developer & System Manager