Signature id for tcp port 6070
guys,
We have a problem with IPS signatures on our IDSM2. My customer is a banking company; they want to develop
an IP-based banking application, and the application needs TCP ports 6070 and 7007 opened and allowed.
Is there any signature ID that inspects this application's traffic?
Currently the IDSM2 is bypassing the inspection engine, but that is not a clean solution because it makes all
traffic bypass inspection.
If the engine bypass is in auto mode, no IPS event hits or shows in the signature engine. The IPS does not generate alerts, but the application
cannot establish a connection; it is always retransmitted when we tap it with Wireshark.
I need your response ASAP, because my customer has developed this application in every branch.
Thanks.
Regards,
Rusdi
It sounds like it matches the TCP engine, and if the TCP banking application does not conform to the RFC standard, it could possibly be inspected by the IDSM2 TCP engine. You would need to check the TCP engine signatures in the IDSM2.
Similar Messages
-
Unable to telnet on command prompt for udp port 514, but able to on cmd for tcp port 514
I am unable to telnet on command prompt for udp port 514. But when I use a packet sniffer or Wireshark I am able to see traffic going to the targeted server from udp port 514. I thought it might be a firewall issue blocking the port from communicating. But I figured out that Windows firewall is disabled. I am able to make similar connections on the cmd for tcp port 514.
I did a netstat -an and see that udp:514 is enabled and listening on the server.
What am I missing here?
Telnet actually supports TCP only. You might want to try another tool as suggested here: http://serverfault.com/questions/263032/how-to-connect-to-a-udp-port-command-line
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
-
Saprouter config with RFC on tcp port 33xx
I have a customer who has configured saprouter to allow remote (from the Internet) connections via the SAP GUI. These connections work great. However, when they try to add entries to the route tables for TCP port 3300, 3301, and 3303 the external application they are using (a gateway connection on these ports) fails. Is there some special configuration which needs to take place to allow the RFC connections vs. the regular SAP GUI connections on ports 32xx?
Kind Regards,
Eric J.
I was able to fix the problem by configuring profile parameter "gw/alternative_hostnames" to the public IP of the SAP system.
-
Monitor a TCP port but alert only if timed out X times
Hello,
I need to build a monitor that will probe a TCP port but alert only if it timed out X times.
I was looking at the Microsoft.SystemCenter.SyntheticTransactions.TCPPortCheckProbe module, but it doesn't have this option.
Thanks,
Marius
You can check
http://www.ghacks.net/2010/05/25/tcp-port-monitor-port-alert/
for TCP Port Monitor Port Alert
-
Dear Expert,
I am studying the ACL to filter (stop) a TCP port from the URL below:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml
In the section "Allow Only Internal Networks to Initiate a TCP Session", I would be grateful if someone would enlighten me on the usage of "established":
interface ethernet0
ip access-group 102 in
access-list 102 permit tcp any any gt 1023 established
What is different if the ACL is changed to the following:
access-list 102 permit tcp any any gt 1023
rdgs
Dear Jennifer,
Great help.
I would be grateful if you would comment on the following configuration, in which I digest your advice:
interface serial 0/0
description 45M DS3 from HK to US
ip access-group 105 in
interface fastethernet 0/0
Description Internat VLAN 100 for xxx department
ip address 102.168.100.0 255.255.255.0
ip access-group 101 in
access-list 101 remark -- only allow Web service from internal to outside --
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any http
access-list 105 remark -- allow return traffic if destination tcp port greater than 1023 --
access-list 105 permit tcp any 192.168.100.0 eq http 0.0.0.255 gt 1023 established
! it should embed the partial function of "permit tcp any eq http 192.168.100.0 0.0.0.255 gt 1023" but the
! traffic should be permitted only if it is initiated from 192.168.100.0/24. If the traffic is initiated from outside,
! the acl 105 would deny it.
access-list 115 remark -- allow in/return traffic for tcp port greater than 1023 --
access-list 115 permit tcp any eq http 192.168.100.0 0.0.0.255 gt 1023
! the traffic is permitted no matter whether it is initiated from internal or external
access-list 125 remark -- allow return traffic for all tcp port --
access-list 125 permit tcp any eq 80 192.168.100.0 0.0.0.255 any established
! include the function of ACL 105, also support tcp port range from 1 to 1023
access-list 135 remark -- allow in/return traffic for all tcp port --
access-list 135 permit tcp any eq 80 192.168.100.0 0.0.0.255 any
! include the function of ACL 115, also support tcp port range from 1 to 1023
If so, I would like to modify the ACL to support more services, grateful if you would comment on it.
access-list 101 remark -- only allow Internet services from internal to outside --
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any http
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any smtp
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any pop
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any imap
access-list 101 permit tcp host 192.168.100.120 eq imap any established
access-list 101 permit tcp 192.168.100.0 0.0.0.255 any telnet
access-list 145 remark --- return and in traffic ---
access-list 145 permit tcp any 192.168.100.0 0.0.0.255 gt 1023 established
access-list 145 permit tcp any host 192.168.100.120 imap -
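What the "established" keyword asked about in the ACL thread above changes, as an added example that is not part of the original posts: a small Python model of the two ACL 102 variants evaluated against constructed inbound TCP segments. It relies on the IOS behaviour that "established" matches only segments with the ACK or RST bit set; the class, function and sample names are hypothetical, and address matching is left out because both entries use "any any".

```python
"""Model of the two ACL 102 variants from the thread (illustrative, not IOS code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """Constructed inbound TCP segment as seen on ethernet0."""
    name: str
    dst_port: int
    flags: frozenset  # e.g. frozenset({"SYN", "ACK"})


def acl_permits(seg: Segment, established: bool) -> bool:
    """Evaluate 'permit tcp any any gt 1023 [established]', then the implicit deny."""
    if seg.dst_port <= 1023:            # 'gt 1023' applies to the destination port
        return False
    if established and not (seg.flags & {"ACK", "RST"}):
        return False                    # 'established' requires ACK or RST to be set
    return True


# Constructed sample traffic arriving from the outside network.
SAMPLES = [
    Segment("reply SYN-ACK to inside client", 49152, frozenset({"SYN", "ACK"})),
    Segment("reply data", 49152, frozenset({"ACK", "PSH"})),
    Segment("reset from server", 49152, frozenset({"RST"})),
    Segment("new outside SYN to high port", 8080, frozenset({"SYN"})),
    Segment("new outside SYN to low port", 23, frozenset({"SYN"})),
    Segment("bare ACK with no session", 8080, frozenset({"ACK"})),
]


def compare(samples=SAMPLES):
    """Return {name: (permitted_with_established, permitted_without)}."""
    return {s.name: (acl_permits(s, True), acl_permits(s, False)) for s in samples}


if __name__ == "__main__":
    for name, (with_kw, without_kw) in compare().items():
        print(f"{name:32} established={with_kw!s:5} plain={without_kw}")
```

The only row that differs between the two variants is the new outside SYN to a high port. The last sample shows that the keyword is a stateless flag check, so a segment with ACK set is admitted whether or not a session exists.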
ACE Probe Config for Blue Coat Proxy TCP Port 74 NETRJS-4
We are running 4710's with A5(2.2). We use Blue Coat proxies for our internet connections, specifically TCP port 74. So when we open up a browser connection to www.cisco.com, the HTTP GET is actually encapsulated in TCP port 74 netrjs-4. We want to load-balance these proxies with ACE and I'm trying to set up health probes, but the only ones that work are the tcp probes PROXY_BCC_PROBE and PROXY_PROBE. I'd like to have health probes that hit external websites, but I'm confused whether the "ip address" Probe sub command is all I need, and netrjs is simple encapsulation of the HTTP request (which is what it looks like on a sniffer). Does anyone have Blue Coat proxies/ACE working? If so, how are your probes configured?
Thanks,
probe tcp PROXY_BCC_PROBE
port 8084
interval 3
passdetect interval 3
probe http PROXY_HTTP1_PROBE
ip address 198.133.219.25
port 74
interval 3
passdetect interval 3
request method head url /index.html
expect status 200 299
probe http PROXY_HTTP2_PROBE
ip address 198.133.219.25
port 74
interval 3
request method get url /
expect status 200 299
probe tcp PROXY_PROBE
port 74
interval 3
passdetect interval 3
Hi,
I have seen this working for one of the customer.
probe http HTTPGET
description Tests that www.gmail.com returns 302 redirect
interval 10
request method get url http://www.gmail.com
expect status 302 302
If I modify your probe :
probe http PROXY_HTTP1_PROBE
ip address 198.133.219.25
port 74
interval 3
passdetect interval 3
request method get url http://www.gmail.com
expect status 302 302
Give it a try and see if that helps.
regards,
Ajay Kumar -
How do I do the following so I can get into my chess program??
The access to our new chess hall may be blocked by your
local firewall. You would need to reconfigure your firewall to open port 15010
for TCP traffic.
This is not really Firefox related.
What you need to do here is to read the firewall manual which usually explains how to create a rule for what you want to do.
If you're using the Windows XP firewall, see this Microsoft article: http://windows.microsoft.com/en-US/windows-vista/Firewall-frequently-asked-questions -
Does Anyone Know the Standard TCP Port number for "itpc" Protocol?
Hello,
I am trying to determine if the TCP port number for “itpc://” protocols is 3689 (iTunes Music Sharing), 443 (iTunes Store), 548 (Personal File Sharing, Apple File Share), or another number. Searching through this forum and referring to the “Well Known” TCP and UDP Ports Used By Apple Software Products Tech document helped point me in the right direction, but I have no way of confirming any of the numbers as the standard.
I have attached the URLs to documents that go further in depth on what I am talking about.
“Well Known” TCP and UDP Ports Used By Apple Software Products Tech document
http://docs.info.apple.com/article.html?artnum=106439
Article explaining iTunes podcast direct links (“itpc://”)
http://www.apple.com/itunes/store/podcaststechspecs.html
Thank you for your help.
Toshiba Windows XP Pro
Hi Krisina,
You could seek help referring to the following link and find your serial number easily.
https://helpx.adobe.com/x-productkb/global/find-serial-number.html
Regards
Sukrit Dhingra -
Looking for local VRU-PIM TCP port
Hi Team,
I am setting up a VRU-PG to connect an external IVR; however, I couldn't find anywhere which TCP port number is used by the vrupim.exe process, so that we can open our firewall port accordingly.
Is the VRU port dynamic? The "Port Utilization Guide for Cisco Unified Intelligent Contact Management Enterprise & Hosted Release 8.0" document mentions that for GED-125 the server Protocol/Port is TCP 5000–5001.
However, in my case the local TCP port of vrupim.exe keeps changing. Whenever I cycle the PG it is changed to 1102, or 3352, 3407, 3443 etc.
Thanks & Regards
Nick
Note:
Hi Sentil,
Thank you for your answer. The "VRUTcpServiceName" setting is indeed set to 3000. This is my remote port for the
VRUIpHostName 10.173.33.143. However this is not what I am looking for.
I am looking for the local port range which is used by the VRUPIM.EXE process, which is at the moment 2481 (see below). This is because there is a firewall on the remote site, where the VRU server is located, and they need to know which ports to open.
C:\icm\pft\PG1A>netstat -bn
Active Connections
Proto Local Address Foreign Address State PID
TCP 10.157.124.37:1802 10.157.124.33:40002 ESTABLISHED 4964
[pgagent.exe]
TCP 10.157.124.37:1803 10.157.124.50:40017 ESTABLISHED 4964
[pgagent.exe]
TCP 10.157.124.37:1804 10.157.125.50:41003 ESTABLISHED 4964
[pgagent.exe]
TCP 10.157.124.37:1805 10.157.125.50:41017 ESTABLISHED 4964
[pgagent.exe]
TCP 10.157.124.37:1806 10.157.125.33:41002 ESTABLISHED 4964
[pgagent.exe]
TCP 10.157.124.37:1807 10.157.124.50:40003 ESTABLISHED 4964
[pgagent.exe]
TCP 10.157.124.37:2481 10.173.33.143:3000 ESTABLISHED 4560
[vrupim.exe]
TCP 10.157.124.37:3389 10.159.29.60:52247 ESTABLISHED 3340
TermService
[svchost.exe]
TCP 127.0.0.1:1069 127.0.0.1:7161 ESTABLISHED 3388
[msnsaagt.exe]
TCP 127.0.0.1:1076 127.0.0.1:7161 ESTABLISHED 3420
[cccaAgent.exe]
TCP 127.0.0.1:1077 127.0.0.1:7161 ESTABLISHED 3396
[hostagt.exe]
TCP 127.0.0.1:1138 127.0.0.1:7161 ESTABLISHED 3408
[sappagt.exe]
TCP 127.0.0.1:7161 127.0.0.1:1069 ESTABLISHED 3380
[snmpdm.exe]
TCP 127.0.0.1:7161 127.0.0.1:1077 ESTABLISHED 3380
[snmpdm.exe]
TCP 127.0.0.1:7161 127.0.0.1:1076 ESTABLISHED 3380
[snmpdm.exe]
TCP 127.0.0.1:7161 127.0.0.1:1138 ESTABLISHED 3380
[snmpdm.exe]
TCP 10.157.124.37:1062 10.157.124.42:389 CLOSE_WAIT 3048
[DiagFwSvc.exe]
C:\icm\pft\PG1A>
Regards
Nick -
Destinations and TCP Port Numbers for Creative Cloud
Hi
What are the Destination IP's and TCP port numbers that need to be allowed on a firewall to use creative cloud in a secure network?
thanks
Rave wrote:
Hi mccalel,
CS3 is a very very old software and is not a qualifying version for upgrade.
Not sure I follow.
The discounted promotional deal (for the first 12 months) for existing owners of CS3-CS6 suites is what the OP is trying to take advantage of.
https://creative.adobe.com/plans -
IPS - alarm on specific tcp port scan
Hi there,
My problem is:
I want to create a rule on IPS 5.x, in which a TCP high port range sweep triggers a low alarm, but if the sweep includes tcp port 2400, then I receive a high level alarm. But at the same time I don't want any alarms if there is a full 3-way handshake to tcp port 2400. Is it possible at all?
Thanks,
Aa
The short answer is no, it does not help, thanks... Shortly because it was not an answer to my question ;-)
After further investigation I found the so-called META engine, in which there is a "component list", in which you can define more signatures. The alarm is fired if all the selected events match.
Unfortunately the component list doesn't allow you to add a custom signature to the list, so I had to clone the "normal" tcp port sweep engine (to keep the original), then modify the original 3001 engine to fire on tcp port 2400 matches. Then I added this signature and the TCP high port sweep signature to the component list.
In this way it works. If anyone can suggest an easier way - Welcome! But now I think that can be a useful info for others also.
Bests,
Aa -
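The component-list logic described in the META engine thread above, as an added example that is not Cisco code or part of the original posts: a Python sketch in which a meta rule fires only when every component signature fires for the same source, giving a high alarm for a sweep that includes TCP 2400 and a low alarm for any other high-port sweep. The threshold, function names and sample events are assumptions, and the handshake exception from the question is not modelled.

```python
"""Toy correlation in the style of the META engine described above (not Cisco code)."""
from collections import defaultdict

SWEEP_MIN_PORTS = 5      # assumed threshold: distinct high ports per source
WATCHED_PORT = 2400      # port named in the thread


def sig_high_port_sweep(syn_ports):
    """Component 1: SYNs to many distinct ports above 1023."""
    return len({p for p in syn_ports if p > 1023}) >= SWEEP_MIN_PORTS


def sig_watched_port(syn_ports):
    """Component 2: at least one SYN to the watched port."""
    return WATCHED_PORT in syn_ports


def meta_fires(components, syn_ports):
    """Meta rule: fires only when every signature in the component list fires."""
    return all(sig(syn_ports) for sig in components)


def classify(events):
    """events: iterable of (src_ip, dst_port) SYNs. Returns {src_ip: severity}."""
    by_src = defaultdict(list)
    for src, port in events:
        by_src[src].append(port)
    verdicts = {}
    for src, ports in by_src.items():
        if meta_fires([sig_high_port_sweep, sig_watched_port], ports):
            verdicts[src] = "high"
        elif sig_high_port_sweep(ports):
            verdicts[src] = "low"
        else:
            verdicts[src] = None    # a lone SYN to 2400 is not a sweep
    return verdicts


# Constructed sample SYN events (documentation addresses).
EVENTS = (
    [("192.0.2.10", p) for p in (2000, 2100, 2200, 2300, 2500)]     # sweep without 2400
    + [("192.0.2.20", p) for p in (2398, 2399, 2400, 2401, 2402)]   # sweep including 2400
    + [("192.0.2.30", 2400)]                                         # single connection
)

if __name__ == "__main__":
    for src, severity in classify(EVENTS).items():
        print(src, severity)
```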
On MARS alerts (from IPS 4260) are received on one of the IE vulnerabilities.
Event- Microsoft Internet Explorer Dynamic HTML Element Processing Memory Corruption Vulnerability
Source ip/port-a.b.c.d/0
Destination ip/port-w.x.y.z/0
Protocol-TCP
[w.x.y.z is my proxy]
[a.b.c.d should be a web server, running port 80]
Qn> What is TCP port 0? Why does MARS display it as port 0?
If you click on the name of the 'Reporting Device', for example 'ABCD-IDS-1', MARS will show you the 'Raw Event' (as received from the sensor). This will help show whether the IPS is sending the zero port or it's MARS.
Some signatures don't report the port number properly; I don't know if this is a bug or by design :) (since the signature already says 'HTML').
Btw, I see this false positive at one of our customers all the time....
Regards
Farrukh -
Help needed for a port scanning project
Thank you first.
This is actually my school project. We are writing a little port scanner in Java. I want to know how to
tell the OS of a target machine.
tell the UDP and TCP ports (which are UDP ports and which are TCP ports).
My understanding of telling UDP or TCP ports is that an active UDP port will not respond and a closed one will generate an error.
Thank you again for your advice.
This is just an idea:
echo, 7
ftp-data, 20
ftp, 21
telnet, 23
smtp, 25
time, 37
name, 42
bootp, 67
tftp, 69
finger, 79
http, 79
pop3, 110
nntp, 119
login, 513
printer, 515
route, 520
String cIP = "192.168.0.1";
int nPort = 23;
Socket test = new Socket( cIP, nPort );

// The constructor throws if the connection cannot be made:
public Socket(String host, int port) throws UnknownHostException, IOException{
    this(InetAddress.getByName(host), port, null, 0, true);
}

try{
    // connection code in here
} catch(Throwable e){}

// Same check repeated for every address of the class C network
String cIP = "192.168.0.";
int nPort = 23;
for( int nClassC=0; nClassC<=255; nClassC++ ){
    try {
        Socket test = new Socket( cIP+nClassC, nPort );
        test.close();
    } catch ( Throwable e ) {}
}

import java.net.Socket;

// Runs one connection check in its own thread
public class checkSingleIP extends Thread{
    private String cIP;
    private int nPort;
    public checkSingleIP(String cIP, int nPort ){
        this.cIP = cIP;
        this.nPort = nPort;
    }
    public void run(){
        try {
            Socket test = new Socket( cIP, nPort );
            System.out.println( nPort +" disponibile" );
            test.close();
        } catch ( Throwable e ) {
            System.out.println( nPort +" NON disponibile" );
        }
    }
}

checkSingleIP ip =
    new checkSingleIP( "192.168.0.1", 23 );
ip.start();
-
How to get the number of bytes at TCP port
Hi all,
How do we get the number of bytes to read at the TCP port? As someone had suggested in some forum, we read the number of bytes first and then pass this...
but we get a problem when we have FF data in this, because then it sends 2 FF data, and because of this we skip the last data. Is there any solution for this?
Hi
In LabVIEW you don't have the same property as for the serial port.
You haven't "Byte at TCPIP port".
If you develop a protocol, one solution is to send the size to read.
Application Engineer / LabVIEW Certified Developer (CLD)
-
Port Forwarding for Minecraft - Port not recognized as open
I am trying to set up Port Forwarding to host a Minecraft server on a local machine. I am able to connect to Minecraft from within the network, but when I try to use my external IP, it fails. I have port forwarding (supposedly) set up on my Airport Extreme base station, for TCP/UDP port 25565. When I check on canyouseeme.com, it says that the port is not open. Do I have some configuration wrong in Airport Utility? I'm pretty sure it's not something wrong with my Ubuntu box (the one hosting the server) because I am able to connect to it without any problem using its internal IP.
Any help is greatly appreciated.
I am having this same problem. My AirPort Utility is v6.2. I have followed a tutorial labeled for v6. I cannot open my ports.
I have a static IP address with the following:
Router Mode: DHCP and NAT
I increased the DHCP Range so it would include the static IP address I selected.
DHCP Reservations
Description: Minecraft
Reserve Address By: MAC Address and entered my MAC address
IPv4 Address: the static IP address that I created in System Preferences- Network
Port Settings
Description: Minecraft
Public UDP Ports: 25565
Public TCP Ports: 25565
Private IP Address: same as above, which is the same as the static IP address
Private UDP Ports: 25565
Private TCP Ports: 25565
I also checked with Comcast, my internet provider, to make sure they were not blocking port 25565. The person on the chat said that that port was open.
I have been using yougetsignal.com to check if my ports are open and so far nothing.
Does anyone have any suggestions?