RMA-Win connections

General chat about HostMonitor (all messages posted before March 07, 2003 available here).

Post by hmo »

Alex!

Within RMA you specify from where connections are allowed - either all or listed IPs. Even so, you can make an active connection to the RMA port... shouldn't that be impossible? I mean... if the source IP is not allowed to talk to that "daemon" on a given port.. then it shouldn't make the connection in the first place! Right?

This might be a small issue, but be aware when using RMAs through Internet/firewalls etc. - then the "daemon" shouldn't be talking to anyone not specified in the rma.ini file.

Cheers,
Hans Mosegaard


Post by KS-Soft »

>if source IP is not allowed to talk to that "daemon" on a given port.. then it shouldn't make the connection in the first place! Right?

RMA accepts TCP connections from anywhere. But the first action it takes is checking the incoming IP address. If the address is not in the list, RMA drops the connection.

Regards
Alex

Post by hmo »

It's imho not safe enough! Try to do a telnet onto the RMA port... even though the source IP is not granted, it will stay "connected" as long as you don't do anything! (until the defined timeout value). If you plan to use RMAs through Internet/firewalls, then RMA should (read: it *must*) drop the connection QUICK when it sees the incoming IP address isn't allowed! Why make RMAs attractive to scans or a potential "closer look" for a hacker?

Cheers,
Hans Mosegaard

Post by KS-Soft »

>Try to do a telnet onto RMA port... even though source IP is not granted, it will stay "connected" as long as you don't do anything! (until defined timeout value).

Hm, what Windows and telnet do you use? On our systems RMA drops connections from unauthorized addresses right away. It waits for data only from IP addresses that are in the list (if you use "Accept connections from following addresses"). Just checked.

Regards
Alex
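
The behaviour discussed in this thread (accept the TCP connection, check the peer address first, drop it if it is not listed), as an added Python example that is not KS-Soft's code or part of the original posts. The function names, the loopback listener and the sample address lists are assumptions; `probe` repeats the idle telnet test from the thread and reports whether the connection was dropped or held open.

```python
import ipaddress, socket, threading, time

def start_listener(allowed, idle_timeout=5.0):
    """Start a loopback listener on an ephemeral port; returns (socket, port)."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    srv = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=_serve, args=(srv, nets, idle_timeout), daemon=True).start()
    return srv, srv.getsockname()[1]

def _serve(srv, nets, idle_timeout):
    while True:
        try:
            conn, (peer_ip, _) = srv.accept()
        except OSError:
            return  # listener was closed
        # The kernel has already completed the TCP handshake at this point,
        # so the port looks open to any client whatever the list says.
        if not any(ipaddress.ip_address(peer_ip) in n for n in nets):
            conn.close()  # drop before reading a single byte
            continue
        threading.Thread(target=_handle, args=(conn, idle_timeout), daemon=True).start()

def _handle(conn, idle_timeout):
    with conn:
        conn.settimeout(idle_timeout)  # only listed peers may sit idle
        try:
            if conn.recv(1024):
                conn.sendall(b"OK\n")
        except OSError:  # includes socket.timeout
            pass

def probe(port, wait=1.0):
    """Connect, send nothing, report ('dropped' | 'held_open' | 'data', seconds)."""
    with socket.create_connection(("127.0.0.1", port), timeout=wait) as c:
        start = time.monotonic()
        try:
            data = c.recv(1)
        except socket.timeout:
            return "held_open", time.monotonic() - start
        except ConnectionResetError:
            return "dropped", time.monotonic() - start
        return ("dropped" if data == b"" else "data"), time.monotonic() - start

if __name__ == "__main__":
    for allowed in (["192.0.2.10"], ["127.0.0.1"]):  # constructed sample lists
        srv, port = start_listener(allowed)
        print(allowed, probe(port))
```

Because the check runs after `accept()`, the connect itself always succeeds; keeping unlisted sources from completing the handshake at all requires a packet filter in front of the service.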