[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gauntlet-user
Subject:    Re: securityalert tcp if=lo port counting up to port 1712
From:       "B. Swann" <swann () spawar ! navy ! mil>
Date:       1999-12-27 18:43:59
[Download RAW message or body]

I know that HP uses the swagent daemon.  I think Gauntlet use to leave
it on.  When you run SAM, it often uses the sw commands to verify
certain packages are installed.

"Christopher J. Wargaski" wrote:
> 
> Hey Roger--
> 
>         I failed to recognize lo0 as the loopback address, it was late!
> So that means that a service on the HP box is talking to itself, (or
> some other service on the box) and connecting at TCP port 1712.
> 
>         You might try "netstat -a" to see what services are listening,
> or established on TCP port 1712. That may give you information as
> to what the service is. Then you can determine if the service is
> needed or not, and possibly shut off the service on the box.
> 
>         Why is this traffic being generated? I can only speculate,
> Gauntlet may not shut off all of the unneeded services on HP-UX,
> or something custom was added to this machine to cause this traffic.
> I highly doubt that Gauntlet is causing the traffic, rather I believe that
> Gauntlet is seeing this traffic as not standard, and is just alerting you.
> 
>                                         cjw
> 
> Christopher J. Wargaski
> RMS Information Technology Integration
> cjw@rmsbus.com

-- 
- Bryan Swann (swann@spawar.navy.mil)  843/974-4825   843/554-0015 (Fax)
- Eagan McAllister Associates, Inc.
-
- I don't suffer from insanity; I rather enjoy it.

[prev in list] [next in list] [prev in thread] [next in thread]