Clive,
This is Compaq Insight Manager's Web Agent. TURN IT OFF. It does
several bad things:
1) Sets up a web server running on http://servername:2301 which contains
WAAAAYYY too much critical system information that a cracker would love
to get ahold of
2) It broadcasts for the purposes of finding other Compaq servers on
your network and placing *their* information onto its web site (above)
3) Older versions contain bounds checking vulnerabilities that allow
remote users to retrieve any file on the filesystem
(c:\winnt\system32\repair\sam._ for example).
Long story short - it's bad juju. Hope this helps.
Jason
http://www.wittys.com
Clive Lawrence wrote:
>
> Hi,
>
> I was hoping somebody on this list may be able to enlighten me as to what
> the cpq-wbem service does? We have a Compaq 1850R server in a DMZ and it
> appears to be broadcasting (dest. 255.255.255.255) using this service. I
> believe it is port 2301. Should this be allowed outside the DMZ, or can I
> turn it off somehow. It is filling my logs quite quickly!
>
> Any help appreciated. I'm a bit new to this but the list proves to be great
> reading at times! I'm still amazed I was able to configure the Intrusion
> Detection script today......
>
> Clive
>
> Clive Lawrence
> Telecommunications Manager
> Wireless Data Services Ltd.
> (A member of the Hugh Symons organisation)
> Tel: +44 (0) 1202 713704
> E-Mail: [EMAIL PROTECTED]
> Web: www.wds.org
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================