Hi,

( I hear the sounds of a sysop pressing the "cross-posting" button... )

I assume you have actually blocked the ports in question using
FILTCFG, etc.

Did the "vulnerability auditor" indicate the ports as (1) open, (2)
filtered, or (3) actually presenting a vulnerable service? Because
there is a huge difference between the three.

BTW, why have you left { Insight Manager and an HTTPS site } bound to
the public interface? You can probably load / configure these so
that they bind only to the private interface. ( Or in the case of
Insight Manager and its attendant gaggle of buggy agent software,
don't load it at all. ) You cannot do this for BTRIEVE.NLM and
LTAIP.NLM, I don't think.

-- Bob


^`..^`..^`..^`..^`..^`. .^`..^
Robert Charles Mahar
"Network Manager" :
Muhlenberg College : "Programming is like teaching a
2400 West Chew St. : jellyfish to build a house."
Allentown PA 18104 :
Ph (484)664-3309 :
Fx (484)664-3536 :
^`..^`..^`..^`..^`..^`. .^`..^



>>> Jim cusson<jcusson@compassbank.com> 10/17/2003 10:23:39 AM >>>

Hello,
We've recently had a vulnerability audit and I was surprised to find that
several services showed up when testing the public side of the BorderManager
firewall. Ports 43 (https), 2301 (Insight Manager), 2877 (LTAuditor), 3351
(B-Trieve) and 21571 (****ed if I know!) all showed on the public side. Six
months ago this was not the case but I know we've applied SP5 for NW 5.1
since then and (perhaps) an updated TCPIP patch. (I know, I should have
checked after each update :( ).

I'm running:
TCPIP 5.9u
IPflt 4.60a July 17, 2002
filtsrv 1.50 October 5, 1998
BM 3.6 SP 2a with BM36C02
NW 5.1 SP5

Please help in ensuring these services don't show on the public side of
things.

Thanks!!
Jim
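
The open / filtered distinction raised in the reply, and the "check after each update" step mentioned in the question, as an added example that is not part of either message: a TCP connect check run from the public side against your own firewall address. The function names and the `allowed` baseline are assumptions of this sketch; the port numbers are the ones listed in the question.

```python
import socket
import sys

# Ports the audit reported on the public side (numbers as given in the thread).
AUDITED_PORTS = [43, 2301, 2877, 3351, 21571]

def classify_port(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     - handshake completed, so something is listening
    closed   - the host answered with a reset (connection refused)
    filtered - no answer or an unreachable error; a filter is likely dropping it
    'open' says nothing about whether the service is vulnerable; that needs
    a service-specific check.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        raise  # bad host name is a usage error, not a port state
    except OSError:  # includes timeouts and host/network unreachable
        return "filtered"
    finally:
        sock.close()

def scan(host, ports, timeout=2.0):
    """Return {port: state} for every port in ports."""
    return {p: classify_port(host, p, timeout) for p in ports}

def unexpected_open(results, allowed):
    """Ports that answered as open but are not in the approved baseline."""
    return sorted(p for p, state in results.items()
                  if state == "open" and p not in allowed)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <public address of your own firewall>")
    results = scan(sys.argv[1], AUDITED_PORTS)
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {state}")
    # Assumed baseline: nothing should be reachable from the public side.
    bad = unexpected_open(results, allowed=set())
    sys.exit(1 if bad else 0)
```

Run it from a machine outside the firewall after each service pack or TCPIP patch; a non-zero exit means a port in the list completed a handshake on the public side.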