[prev in list] [next in list] [prev in thread] [next in thread]
List: gauntlet-user
Subject: Re: securityalert tcp if=lo port counting up to port 1712
From: "B. Swann" <swann () spawar ! navy ! mil>
Date: 1999-12-27 18:43:59
[Download RAW message or body]
I know that HP uses the swagent daemon. I think Gauntlet use to leave
it on. When you run SAM, it often uses the sw commands to verify
certain packages are installed.
"Christopher J. Wargaski" wrote:
>
> Hey Roger--
>
> I failed to recognize lo0 as the loopback address, it was late!
> So that means that a service on the HP box is talking to itself, (or
> some other service on the box) and connecting at TCP port 1712.
>
> You might try "netstat -a" to see what services are listening,
> or established on TCP port 1712. That may give you information as
> to what the service is. Then you can determine if the service is
> needed or not, and possibly shut off the service on the box.
>
> Why is this traffic being generated? I can only speculate,
> Gauntlet may not shut off all of the unneeded services on HP-UX,
> or something custom was added to this machine to cause this traffic.
> I highly doubt that Gauntlet is causing the traffic, rather I believe that
> Gauntlet is seeing this traffic as not standard, and is just alerting you.
>
> cjw
>
> Christopher J. Wargaski
> RMS Information Technology Integration
> cjw@rmsbus.com
--
- Bryan Swann (swann@spawar.navy.mil) 843/974-4825 843/554-0015 (Fax)
- Eagan McAllister Associates, Inc.
-
- I don't suffer from insanity; I rather enjoy it.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic