[22735] in bugtraq
Re: HACMP and port scans
daemon@ATHENA.MIT.EDU (Andreas Siegert)
Wed Sep 26 12:49:52 2001
Date: Wed, 26 Sep 2001 10:14:40 +0200
From: Andreas Siegert <afxml@atsec.com>
To: bugtraq@securityfocus.com
Message-ID: <20010926101438.A1730@cray.muc.atsec.de>
Mail-Followup-To: Andreas Siegert <afxml@atsec.com>,
bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <000701c145b6$4793d680$0c0d84c8@w118227>; from apolli@pucrs.br on Tue, Sep 25, 2001 at 01:36:12PM +0200
Quoting Alex Polli (apolli@pucrs.br) on Tue, Sep 25, 2001 at 01:36:12PM +0200:
> Yes, I've faced this. In fact, the tcp connect() function, when applied to
> certain HACMP ports causes the system to shut down that node. However, if
> you make a SYN scan it won't happen.
>
> IBM has given us no workaround, so we deployed a firewall in front of the
> cluster machine, dropping packets to the HACMP ports.
Current AIX releases (AIX 4.3) have a packet filter that might help.
cheers
afx
--
atsec information security GmbH Phone: +49-89-44249830
Steinstrasse 68 Fax: +49-89-44249831
D-81667 Muenchen, Germany WWW: www.atsec.com
May the Source be with you!
