Than you all for your replies. But what really has me a little upset is that our nt team they care nothing about routing and very little about security they just need these high dollar applications to work because if not it does not look well to management. Anyway off my soapbox, how this came about they are using this program to update the clients I suppose or at least I was told and clients on the same subnet they can go out and discover those clients, but any clients not on the same subnet that has to cross the router the discover utility does not work and the server does not see any of those clients. So doing the research from what the vendor told us and reading that doc it looks to me as if the server is not talking to one specific ip in the case of ip helper but is broadcasting to all the clients on that subnet that is why I am stuck. I should have given more information before but trying to explain the security ramifications and routing issues to the nt team had me so frustrated last night. I will be putting a sniffer on today on both sides of the router to see what it looks like. But talking with the vendor the server broadcast for these clients then the clients respond directly with this rpc call.
What a mess, if anyone is interested I will keep you up to date on the fix for this product. -----Original Message----- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 21, 2002 12:17 AM To: [EMAIL PROTECTED] Subject: Re: Broadcast ports [7:51805] Chuck's Long Road wrote: > > ""Priscilla Oppenheimer"" wrote in > message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > No wonder you are a bit lost. They aren't using our > networking terminology > > quite correctly. There's no such thing as a broadcast port > and hence you > > can't open it. Perhaps what they mean is that you need to get > the router > to > > forward the IP broadcasts to UDP port 42508. Do this with an > ip > > helper-address on the incoming interface. Tell the router to > forward the > > packets to a specific address or a broadcast address, > depending on your > > needs. Make sure you are specific regarding which packets to > forward by > > using the ip forward-protocol and no ip forward-protocol > commands. > Otherwise > > the router will forward TFTP, DNS, NTP, NetBIOS, DHCP, and > TACACS and not > > the packets in question. (The app does use UDP I hope? I > don't this works > > for TCP-based traffic.) > > > > It doesn't sound like a very well-behaved application. I > wonder why it has > > to use broadcasts? But, application developers often don't > know > networking. > > Argh. ;-) > > CL: off topic, but I finally got my OpNet upgrade installed > today. failed > several times because...... OpNet demands that the license > registration take > place over the web, and for some reason their web server and my > employer's > firewall aboslutely hated eachother. Once I plugged my laptop > directly to > the 'net, the licences registration went perfectly. Ugh. Maybe it was using a non-standard port or something... > > CL: I mention this only becasue of your comment about well > behaved > applications. These days, with unlimited bandwidth, I wonder if > it is even Bandwidth isn't the issue, but getting it to work certainly is, as you saw. I read the document for that app in question, Etrust AntiVirus Inoculate. It appears that the Redistribution Server downloads signatures from Computer Associates via FTP. That should be fun to get throught the various firewalls!? The document doesn't even say if it uses passive or active. Also, I wonder about a man-in-the-middle attack. One could wreak havoc by messing with those downloads. They probably are aware of that though. I only have that one document and I'm sure it's not the entire story.... Have fun with OpNet! Priscilla > worth the fight about well behave apps and security conscious > vendors. About > the only reason I am even bothering with OpNet is because it > has a decent > simulation component, and it is my intention to learn how to > bang out some > bandwidth simulations to show the relative merits of 256K > internet access > versus full T1 internet access. Last time I did one of these > sims ( a couple > of years ago ) the software indicated there wasn't much merit > at all. I'm > curis to see if they OpNet has become a bit more sophisticated > and if so, > what that might mean for their conclusions. > > > > > > > > Priscilla > > > > Elijah Savage III wrote: > > > > > > Ok I am a little lost here but our NT team has rolled out > this > > > product. > > > > > > > > > > > > > http://files.ruca.ua.ac.be/pub/security/virus/ca/rolloutig.pdf > > > > > > > > > > > > Everything is working but the server can't see the clients > > > because in > > > the document above it states that router ports need to be > open > > > to past > > > these broadcast, I do not think this is a good idea but my > hand > > > is being > > > pushed to make this happen. But question is how in the heck > I > > > am gonna > > > get routers to past this broadcast port stated in that > document. > > > > > > > > > > > > Here is the snippet. > > > > > > > > > > > > 5) What port number would you like the admin server to poll > > > clients on? > > > > > > In the NameClient section of the ICF file two settings for > > > client > > > polling by the admin server > > > > > > exist. These values are Broadcast ports and Pollbroadcast > ports > > > both > > > with the default > > > > > > value of 42508. For security reasons, it is suggested that > you > > > change > > > these values. In > > > > > > addition, to perform a free election this port must be > opened > > > on the > > > routers internally for > > > > > > broadcasts. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51829&t=51805 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
