There is a PDF document on this at www.bridge.com under
Products -> Internet -> BridgeChannel -> Firewall Issues. That
is loosely based on an analysis that I did for internal
consumption.
There are a few things that have changed since then and not
reflected in the document. There is a load balancing mechanism
in place (at the Bridge site, anyway; can't say about
third-party resellers) that exposes two IP addresses instead of
dozens. That's a plus if you want to restrict where this can
connect to. A potential security loss is that the latest
version of the Java applets are digitally signed in order to
break out of the sandbox. I believe that this is for printing
and, maybe, file saving, but I'm not close to the development
process.
I thought that they were going to try to have this tunnel over
(tunnel under?) HTTP so that you'd have little control over it
(at the request of customer firewall admins, no less!), but I'm
not sure how that effort turned out.
--
Ken Hardy
On Fri, 23 Jul 1999, Joel Cespedes wrote:
> Thanks to all who responded!
>
> After further investingating within the users community, the
> answer below by Ken Hardy is correct. A new user tried
> running some applications from Bridge and failed to do so
> as the packets were dropped at firewall.
>
> Now, I wonder if it would be safe to open up the 6080 port?
>
> -Joel
>
>
>
> Ken Hardy wrote:
>
> > One piece of software that uses port 6080 is Bridge Information
> > Systems' BridgeChannel product, which is a Browser/Java-based
> > product for accessing financial markets information realtime
> > over the Intenet. (It's also used by the BridgeStation
> > financial markets workstation, which is supposed to have an
> > on-site server but could hit your f/w if it's misconfigured.)
> >
> > AFAIK this port has not been registered with IANA. Of course,
> > nothing's to stop other software from using it, too. You don't
> > specify what makes you ask, but presuming that you're seeing
> > denied outbound connection attempts on this port, my guess
> > would be that one of your users is trying out BridgeChannel (or
> > TelerateChannel or CRB/MarketCenter or some third party's
> > re-branded version of the same.)
> >
> > If it's trying to hit addresses on 159.43.254.x or
> > 159.44.254.x, that's definitely it. But there are also
> > resellers of the service globally who have their own servers in
> > their own address spaces.
> >
> > c.f. http://www.bridge.com/
> >
> > --
> > KH
> >
> > On Thu, 22 Jul 1999, Joel Cespedes wrote:
> >
> > > Simple question: Can anyone tell me what port # 6080 and its
> > > protocol? I checked the /etc/services file and wasn't listed, also
> > > where can I find the various port numbers and their description.
> > >
> > > Thanks much.
> > >
> > > Joel Cespedes
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
