Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Remote Access Service

Posted on 2014-03-10
6
Medium Priority
?
513 Views
Last Modified: 2014-03-16
Hi.

We have some remote access software running on a Cent OS server. The service is called SimpleHelp if anyone is familiar. We recently migrated from a VPS to a dedicated server and have since been having problems.

The program uses port 900 which has been opened for both TCP and UDP. Clients using a http/tcp connection seem to be working. Those using UDP will show as online but cannot connect (90% use UDP only...).

I used nmap to scan port 900 UDP on the server. It shows as open but the listening service is named: omginitialrefs
This service is not related to our remote access software and I have no idea what it does. Can it safely be stopped and how?

Thanks in advance for any replies
0
Comment
Question by:KTBerwick
  • 4
  • 2
6 Comments
 

Author Comment

by:KTBerwick
ID: 39918857
Just thought I should add... changing to a different port would be a major difficulty as we would have to manually update every client to look at the new port.

Another thought - If I were to change the remote software to listen on say port 5432 could all traffic destined for port 900 be redirected to port 5432?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 1500 total points
ID: 39919275
nmap has its own copy of /etc/services
and 900/tcp and 900/udp are registered to OMG for OMG Initial refs protocol
so simplistichelp is free-riding on others horse...
and nmap calls port right

you can check with netstat -anpu that it is fine, nothing to kill (why you poertscan a system when you have netstat?)
0
 

Assisted Solution

by:KTBerwick
KTBerwick earned 0 total points
ID: 39920257
Thanks for the reply.

I have very limited knowledge of Linux so the netstat command never came to mind. I was also trying to verify port 900 was actually open.

Since posting I have made a few changes.
Someone suggested it may be a permissions issue as processes require root privileges to bind any port lower than 1024. I added a firewall redirect for all traffic on port 900 to be forwarded to port 5432. Then I configured the SimpleHelp software to listen on 5432.

This seems to be working. There are maybe 20-30 clients missing but I can deal with adding them again. Far better than the 250+ clients that were missing to begin with.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 62

Accepted Solution

by:
gheist earned 1500 total points
ID: 39920353
netstat is on windows and macintosh too...
0
 

Author Comment

by:KTBerwick
ID: 39922209
I'm aware of netstat I just didn't realise it worked on Linux.

Anyway, the problem is now solved. The missing PC's have came on-line throughout the day and we haven't had any issues since I made the changes described previously.

Adding you as a partial solution as your explanation of the nmap output cleared things up for me.
0
 

Author Closing Comment

by:KTBerwick
ID: 39932364
The firewall redirect of port 900 is what resolved all our problems.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month10 days, 4 hours left to enroll

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question