Rick Harderwijk wrote:

>Hi,
>
>Wanda wrote:
>
>>All the firewall guy had to do was create a rule that allows TCP/IP traffic
>>through the firewall for port 1500 for the particular client address.
>>
>>If you use SCHEDMODE PROMPTED, I believe you also have to enable port 1501.
>>
>>If you want to use the web client to do TSM backups/restores remotely, that
>>uses port 1581.
>>
>>All those ports are configurable, i.e., you can tell TSM client and server
>>to use different ports if you want
>>
>
>I would STRONGLY suggest to choose different ports. I believe there's a list
>out there, I think it's through IANA (www.iana.org - somebody please confirm
>that) that tells which port is 'registered'. Pick some free ports high up,
>preferably not next to each other (I would go pick like 7492, 9816 and 9752 -
>handpicked these :) ). Wouldn't want some h*cker discovering you're using
>1234 with some sec hole somewhere and let him just try 1235 and 1236, now
>would we?
>

There's not a great deal of advantage to using non-standard ports, and
it just confuses things... Any good firewall (and firewall admin) will
only open up the traffic between the client and the TSM server anyway. So
a hacker would have to be on one of those boxes first in order to do
anything (discounting forged packets here that should be denied at your
ISP link anyway) through that port.
Plus any hacker worth their salt will probably port scan you anyway (and
lots of script kiddies do it just to see). So if your rule ISN'T tight,
it doesn't matter what port you put it on...

>
>But hey, waddah I know, it's just my $.02 - maybe I'm wrong. At least
>someone on the list will tell you, and you'll never forget (and neither will
>I).
>
>Regards,
>
>Rick
>
>


--

I don't suffer from Insanity...         | Linux User #16396
        I enjoy every minute of it...   |
                                        |
http://www.travellingkiwi.com/          |
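
The argument in the reply above, as an added example that is not part of the original thread: a default-deny rule model in which a source-restricted rule on the standard port 1500 exposes nothing to an outside host, while an any-source rule on a non-standard port (7492, from the quoted suggestion) is still found by a sweep. All addresses and rule sets are constructed, and the `Rule` class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses (RFC 5737 documentation ranges), not from the thread.
TSM_SERVER = ipaddress.ip_address("192.0.2.10")
TSM_CLIENT = ipaddress.ip_address("198.51.100.25")
OUTSIDER = ipaddress.ip_address("203.0.113.77")


@dataclass(frozen=True)
class Rule:
    src: str   # permitted source network (CIDR)
    dst: str   # permitted destination network (CIDR)
    port: int  # permitted destination TCP port


def matches(rule, src, dst):
    """True if the rule's source and destination networks cover this pair."""
    return (src in ipaddress.ip_network(rule.src)
            and dst in ipaddress.ip_network(rule.dst))


def reachable_ports(rules, src, dst):
    """Ports on dst that src can reach under default-deny.

    This is what a full port sweep from src would report as open,
    whatever port numbers were chosen.
    """
    return sorted({r.port for r in rules if matches(r, src, dst)})


def loose_rules(rules, max_sources=1):
    """Audit check: rules whose source covers more than max_sources addresses."""
    return [r for r in rules
            if ipaddress.ip_network(r.src).num_addresses > max_sources]


# Non-standard port, but any source may connect.
OBSCURE_LOOSE = [Rule("0.0.0.0/0", "192.0.2.10/32", 7492)]
# Standard TSM port, only the one client may connect.
STANDARD_TIGHT = [Rule("198.51.100.25/32", "192.0.2.10/32", 1500)]

if __name__ == "__main__":
    for name, rules in (("obscure+loose", OBSCURE_LOOSE),
                        ("standard+tight", STANDARD_TIGHT)):
        print(name,
              "outsider sees:", reachable_ports(rules, OUTSIDER, TSM_SERVER),
              "client sees:", reachable_ports(rules, TSM_CLIENT, TSM_SERVER),
              "loose rules:", len(loose_rules(rules)))
```

The audit keys on the source network rather than the port number, so it flags the exposed rule regardless of which port the service was moved to.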
